Windows Analysis Report
ScreenBeam_Conference_Windows.msi

Overview

General Information

Sample name: ScreenBeam_Conference_Windows.msi
Analysis ID: 1364186
MD5: 80744017cd0ede4bc3c925568c88fac5
SHA1: 8b9bfca894fd934c37e3b5ac237956a36ac1cf69
SHA256: 3c1b3c446dbaca7916fe7a8294637d831047891de5163bb53d3ca776a37e220e
Infos:

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Drops executables to the windows directory (C:\Windows) and starts them
Sample is not signed and drops a device driver
Yara detected Generic Downloader
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains functionality to read device registry values (via SetupAPI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
Queries device information via Setup API
Queries the volume information (name, serial number etc) of a device
Registers a DLL
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Tries to load missing DLLs

Classification

  • System is w10x64
  • msiexec.exe (PID: 7140 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\ScreenBeam_Conference_Windows.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 6196 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 6284 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 06B685FB1F6826D14A4ACA5AAE1577C5 C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 6620 cmdline: C:\Windows\System32\MsiExec.exe -Embedding 3481905E088C370D775B2727350976C1 C MD5: E5DA170027542E25EDE42FC54C929077)
      • rundll32.exe (PID: 7128 cmdline: rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI8B45.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6458234 90 ByomCustomAction!ByomCustomAction.CustomActions.SaveDefaultAudioSetting MD5: EF3179D498793BF4234F708D3BE28633)
        • DefMic.exe (PID: 5304 cmdline: "DefMic.exe" --def MD5: F03298C90AB58E72A04E1AA310608B4C)
          • conhost.exe (PID: 2892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • rundll32.exe (PID: 772 cmdline: rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI90F4.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6459640 100 ByomCustomAction!ByomCustomAction.CustomActions.VerifyDriverBusy MD5: EF3179D498793BF4234F708D3BE28633)
        • DefMic.exe (PID: 1456 cmdline: "DefMic.exe" --list MD5: F03298C90AB58E72A04E1AA310608B4C)
          • conhost.exe (PID: 1516 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sbdrvmgr.exe (PID: 3872 cmdline: "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5 MD5: C7EEAC397EC6B4EC895E89D0E43C652D)
          • conhost.exe (PID: 4996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • DefMic.exe (PID: 2680 cmdline: "DefMic.exe" --list MD5: F03298C90AB58E72A04E1AA310608B4C)
          • conhost.exe (PID: 4456 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sbdrvmgr.exe (PID: 6968 cmdline: "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5 MD5: C7EEAC397EC6B4EC895E89D0E43C652D)
          • conhost.exe (PID: 3384 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • rundll32.exe (PID: 4088 cmdline: rundll32.exe "C:\Users\user\AppData\Local\Temp\MSIB601.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6469109 128 ByomCustomAction!ByomCustomAction.CustomActions.SaveDefaultAudioSetting MD5: EF3179D498793BF4234F708D3BE28633)
        • DefMic.exe (PID: 3896 cmdline: "DefMic.exe" --def MD5: F03298C90AB58E72A04E1AA310608B4C)
          • conhost.exe (PID: 3520 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • rundll32.exe (PID: 976 cmdline: rundll32.exe "C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6470359 138 ByomCustomAction!ByomCustomAction.CustomActions.GetSBUCRunningProcesses MD5: EF3179D498793BF4234F708D3BE28633)
        • DefMic.exe (PID: 6008 cmdline: "DefMic.exe" --list MD5: F03298C90AB58E72A04E1AA310608B4C)
          • conhost.exe (PID: 1464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sbdrvmgr.exe (PID: 716 cmdline: "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5 MD5: C7EEAC397EC6B4EC895E89D0E43C652D)
          • conhost.exe (PID: 2852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • rundll32.exe (PID: 5272 cmdline: rundll32.exe "C:\Users\user\AppData\Local\Temp\MSIC545.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6473015 164 ByomCustomAction!ByomCustomAction.CustomActions.RemoveDriver MD5: EF3179D498793BF4234F708D3BE28633)
        • sbdrvmgr.exe (PID: 4448 cmdline: sbdrvmgr.exe" --remove "ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5 MD5: C7EEAC397EC6B4EC895E89D0E43C652D)
          • conhost.exe (PID: 5168 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • msiexec.exe (PID: 1028 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 9142454F69078BDCE0A87A3C5903BEB2 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 2336 cmdline: C:\Windows\System32\MsiExec.exe -Embedding 1105B354BECBE4DDF142AFD791CBBACB MD5: E5DA170027542E25EDE42FC54C929077)
      • rundll32.exe (PID: 2140 cmdline: rundll32.exe "C:\Windows\Installer\MSID5B7.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6477312 133 ByomCustomAction!ByomCustomAction.CustomActions.GetSBUCRunningProcesses MD5: EF3179D498793BF4234F708D3BE28633)
        • DefMic.exe (PID: 4092 cmdline: "DefMic.exe" --list MD5: F03298C90AB58E72A04E1AA310608B4C)
          • conhost.exe (PID: 5052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sbdrvmgr.exe (PID: 6328 cmdline: "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5 MD5: C7EEAC397EC6B4EC895E89D0E43C652D)
          • conhost.exe (PID: 6352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • rundll32.exe (PID: 6604 cmdline: rundll32.exe "C:\Windows\Installer\MSIDD79.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6479218 160 ByomCustomAction!ByomCustomAction.CustomActions.WaitForUnpairDeviceApp MD5: EF3179D498793BF4234F708D3BE28633)
      • rundll32.exe (PID: 5744 cmdline: rundll32.exe "C:\Windows\Installer\MSIF4AE.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6485156 168 ByomCustomAction!ByomCustomAction.CustomActions.StopSBUCProcesses MD5: EF3179D498793BF4234F708D3BE28633)
        • DefMic.exe (PID: 6336 cmdline: "DefMic.exe" --list MD5: F03298C90AB58E72A04E1AA310608B4C)
          • conhost.exe (PID: 4904 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sbdrvmgr.exe (PID: 5856 cmdline: "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5 MD5: C7EEAC397EC6B4EC895E89D0E43C652D)
          • conhost.exe (PID: 2936 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • DefMic.exe (PID: 7128 cmdline: "DefMic.exe" --list MD5: F03298C90AB58E72A04E1AA310608B4C)
          • conhost.exe (PID: 7032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sbdrvmgr.exe (PID: 1516 cmdline: "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5 MD5: C7EEAC397EC6B4EC895E89D0E43C652D)
          • conhost.exe (PID: 2116 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • rundll32.exe (PID: 6992 cmdline: rundll32.exe "C:\Windows\Installer\MSIFFF9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6488062 220 ByomCustomAction!ByomCustomAction.CustomActions.SaveDefaultAudioSetting MD5: EF3179D498793BF4234F708D3BE28633)
        • DefMic.exe (PID: 1136 cmdline: "DefMic.exe" --def MD5: F03298C90AB58E72A04E1AA310608B4C)
          • conhost.exe (PID: 2680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • rundll32.exe (PID: 5132 cmdline: rundll32.exe "C:\Windows\Installer\MSIAF7.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6490875 230 ByomCustomAction!ByomCustomAction.CustomActions.SetIsInstallingTrue MD5: EF3179D498793BF4234F708D3BE28633)
      • rundll32.exe (PID: 1848 cmdline: rundll32.exe "C:\Windows\Installer\MSI10D6.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6492359 437 ByomCustomAction!ByomCustomAction.CustomActions.IsDriverBusy MD5: EF3179D498793BF4234F708D3BE28633)
        • DefMic.exe (PID: 2568 cmdline: "DefMic.exe" --list MD5: F03298C90AB58E72A04E1AA310608B4C)
          • conhost.exe (PID: 3968 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sbdrvmgr.exe (PID: 3128 cmdline: "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5 MD5: C7EEAC397EC6B4EC895E89D0E43C652D)
          • conhost.exe (PID: 3408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • rundll32.exe (PID: 5820 cmdline: rundll32.exe "C:\Windows\Installer\MSI175F.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6494031 452 ByomCustomAction!ByomCustomAction.CustomActions.DisableCampfilters MD5: EF3179D498793BF4234F708D3BE28633)
        • regsvr32.exe (PID: 2328 cmdline: regsvr32" /u /s "C:\Program Files\ScreenBeam\Conference\\app\Filters\x86\SBCamFilter32.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Program Files\ScreenBeam\Conference\service\netstandard.dll | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
No Sigma rule has matched
No Snort rule has matched

    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x86\vacscbcp.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x86\vacscbkd.sysJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgrJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgr\x64Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgr\x64\wdmdrvmgr.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgr\x86Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgr\x86\wdmdrvmgr.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Runtime.WindowsRuntime.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Runtime.WindowsRuntime.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Windows.Foundation.FoundationContract.winmd
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Windows.Foundation.UniversalApiContract.winmd
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Windows.WinMD
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\CreateProcessAsUser.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\Microsoft.Win32.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\netstandard.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.AppContext.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Collections.Concurrent.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Collections.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Collections.NonGeneric.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Collections.Specialized.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.EventBasedAsync.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.TypeConverter.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Console.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Data.Common.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Contracts.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Debug.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.FileVersionInfo.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Process.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.StackTrace.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.TextWriterTraceListener.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Tools.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.TraceSource.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Tracing.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Drawing.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Dynamic.Runtime.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Globalization.Calendars.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Globalization.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Globalization.Extensions.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.Compression.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.Compression.ZipFile.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.DriveInfo.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.Watcher.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.IsolatedStorage.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.MemoryMappedFiles.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.Pipes.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.UnmanagedMemoryStream.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Linq.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Linq.Expressions.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Linq.Parallel.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Linq.Queryable.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Http.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.NameResolution.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.NetworkInformation.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Ping.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Requests.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Security.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Sockets.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.WebHeaderCollection.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.WebSockets.Client.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.WebSockets.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.ObjectModel.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Reflection.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Reflection.Extensions.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Reflection.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Resources.Reader.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Resources.ResourceManager.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Resources.Writer.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.CompilerServices.VisualC.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Extensions.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Handles.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.InteropServices.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.InteropServices.RuntimeInformation.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Numerics.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Formatters.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Json.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Xml.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.WindowsRuntime.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.WindowsRuntime.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Claims.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Algorithms.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Csp.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Encoding.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.X509Certificates.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Principal.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.SecureString.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Text.Encoding.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Text.Encoding.Extensions.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Text.RegularExpressions.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Overlapped.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Tasks.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Tasks.Parallel.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Thread.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.ThreadPool.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Timer.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.ValueTuple.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.ReaderWriter.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XDocument.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XmlDocument.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XmlSerializer.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XPath.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XPath.XDocument.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\UnpairDeviceApp.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\UnpairDeviceApp.exe.config
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\UnpairDeviceApp.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\Windows.Foundation.FoundationContract.winmd
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\Windows.Foundation.UniversalApiContract.winmd
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\Windows.WinMD
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\config1_base.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\ipsee.txt
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\libcrypto-1_1.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\libssl-1_1.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\MultiOnvifServer.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\runconfig.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\ssl.ca
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\ssl.key
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\user manual.pdf
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\vcruntime140.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\zlibwapi.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\en-US
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\en-US\SBConference.Model.resources.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\XamlAnimatedGif.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\XamlAnimatedGif.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Interop.NetFwTypeLib.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\config2_base.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SBConfDiag.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SBConfDiag.exe.config
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SBConfDiag.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.Direct3D9.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.DXGI.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.Mathematics.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.MediaFoundation.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\StreamPlayback.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\StreamPlayback.exe.config
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\StreamPlayback.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\BouncyCastle.Crypto.dll
    Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScreenBeam Conference 1.0.5.3
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\eula.rtf
    Source: Binary string: \??\C:\Windows\DefMic.pdb<, source: DefMic.exe, 0000002C.00000002.2560034201.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdb*c source: DefMic.exe, 00000031.00000002.2594285981.00000000007F0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: shiD545.tmp.30.dr
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbuser\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\UsersC: source: DefMic.exe, 00000021.00000002.2471297325.00000000008C0000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2551236682.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2594285981.0000000000822000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: Release\DefMic.pdb source: DefMic.exe, 00000008.00000002.2283383506.0000000000E72000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2389680692.0000000000F4A000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2594285981.0000000000822000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: DefMic.exe, 0000002C.00000002.2560034201.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2594285981.00000000007F0000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2622077757.0000000000650000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: dows\exe\DefMic.pdbb source: DefMic.exe, 00000017.00000002.2411501774.0000000001233000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: SBConference.Common.pdb_1 source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb|G source: DefMic.exe, 0000000B.00000002.2294905488.0000000000E1D000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: DefMic.exe, 0000000B.00000002.2294905488.0000000000E50000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2560034201.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2622077757.0000000000650000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\agent\_work\66\s\build\ship\x64\SfxCA.pdb source: ScreenBeam_Conference_Windows.msi, MSI5566.tmp.1.dr, MSI8B45.tmp.0.dr
    Source: Binary string: Microsoft.Xaml.Behaviors.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\Installer\MSIF4AE.tmp-\DefMic.PDB source: DefMic.exe, 0000002C.00000002.2560034201.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: SBConference.Model.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: m,C:\Windows\DefMic.pdb source: DefMic.exe, 00000008.00000002.2283341118.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000B.00000002.2294641298.0000000000AFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2302047187.00000000012FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2389501243.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2411485469.00000000010FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2471142553.000000000073A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2551012296.0000000000D5A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2559593495.0000000000B5A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2594040304.000000000055A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2622012019.00000000004FA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: XamlAnimatedGif.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbemp\MSI90F4.tmp-\DefMic.PDB source: DefMic.exe, 0000000B.00000002.2294641298.0000000000AFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2302047187.00000000012FA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdb source: DefMic.exe, 00000008.00000002.2283383506.0000000000E72000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2302139876.0000000001497000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2389680692.0000000000F3B000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2560034201.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2594285981.00000000007F0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\dll\mscorlib.pdba} source: DefMic.exe, 00000017.00000002.2411501774.0000000001233000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection.Primitives\4.0.1.0\System.Reflection.Primitives.pdb source: System.Reflection.Primitives.dll.1.dr
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbemp\MSIB601.tmp-\DefMic.PDB source: DefMic.exe, 00000014.00000002.2389501243.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: enkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdb source: DefMic.exe, 00000028.00000002.2551236682.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2560034201.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdb source: NLog.dll.1.dr
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbVV source: DefMic.exe, 00000014.00000002.2389680692.0000000000F4A000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdb/jIj ;j_CorExeMainmscoree.dll source: rundll32.exe, 00000007.00000003.2274430481.0000017AB3D7F000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000008.00000000.2279245164.0000000000872000.00000002.00000001.01000000.00000007.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E5C000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000B.00000002.2294905488.0000000000E63000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2302139876.00000000014A3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB163000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B83B3000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2411501774.0000000001241000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B602C3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C4D000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2471297325.00000000008C0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B4377B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705309E000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2551236682.0000000000F74000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2560034201.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575109052.0000013914EA2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.000002496330A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2615711052.000001D9F9DA4000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2622077757.000000000067B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2632594929.000002754530F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbemp\MSIBAD4.tmp-\DefMic.PDB source: DefMic.exe, 00000017.00000002.2411485469.00000000010FA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: StreamPlayback.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: MahApps.Metro.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: dows\dll\mscorlib.pdb source: DefMic.exe, 00000008.00000002.2283383506.0000000000E72000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2551236682.0000000000F55000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2622077757.0000000000650000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.ResourceManager\4.0.1.0\System.Resources.ResourceManager.pdb source: System.Resources.ResourceManager.dll.1.dr
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Process\4.1.2.0\System.Diagnostics.Process.pdb* source: System.Diagnostics.Process.dll.1.dr
    Source: Binary string: Osymbols\exe\DefMic.pdb source: DefMic.exe, 00000035.00000002.2622012019.00000000004FA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: SBConfDiag.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO\4.1.2.0\System.IO.pdb source: System.IO.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\ExternalUICleaner.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdb{ source: DefMic.exe, 00000017.00000002.2411501774.0000000001241000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\DefMic.pdbc9 source: DefMic.exe, 00000017.00000002.2411501774.0000000001241000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Installer\MSIF4AE.tmp-\DefMic.pdb source: DefMic.exe, 00000028.00000002.2551236682.0000000000F55000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2560034201.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: ControlzEx.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: Release\DefMic.pdb/jI source: DefMic.exe, 00000014.00000002.2389680692.0000000000F4A000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2594285981.0000000000822000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x64\viewer.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\mscorlib.pdb source: DefMic.exe, 00000008.00000002.2283383506.0000000000E72000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2302139876.0000000001476000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2389680692.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2471297325.0000000000890000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2551236682.0000000000F30000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2560034201.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2594285981.00000000007F0000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2622077757.0000000000650000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb#rJn source: DefMic.exe, 00000035.00000002.2622077757.000000000063C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: UnpairDeviceApp.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\DefMic.pdbad source: DefMic.exe, 00000017.00000002.2411501774.0000000001241000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: Microsoft.Xaml.Behaviors.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Data.Common/netfx\System.Data.Common.pdb source: System.Data.Common.dll.1.dr
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbindows\System32\Drivers\DriverDataFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\DA source: DefMic.exe, 0000000F.00000002.2302139876.00000000014A3000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\DefMic.pdb source: DefMic.exe, 00000008.00000002.2283383506.0000000000E72000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\DefMic.pdbd, source: DefMic.exe, 0000002C.00000002.2560034201.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: SBConference.Common.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Writer\4.0.2.0\System.Resources.Writer.pdb source: System.Resources.Writer.dll.1.dr
    Source: Binary string: SBConference.Model.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\DefMic.pdbx source: DefMic.exe, 0000000B.00000002.2294905488.0000000000E31000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdbbY source: DefMic.exe, 0000000B.00000002.2294905488.0000000000E50000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbf source: DefMic.exe, 00000014.00000002.2389680692.0000000000F3B000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: ScreenBeamConference.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: Usymbols\exe\DefMic.pdb source: DefMic.exe, 00000031.00000002.2594040304.000000000055A000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdbD source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\DefMic.pdbs source: DefMic.exe, 00000014.00000002.2389680692.0000000000F22000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection.Primitives\4.0.1.0\System.Reflection.Primitives.pdb$*>* 0*_CorDllMainmscoree.dll source: System.Reflection.Primitives.dll.1.dr
    Source: Binary string: mC:\Windows\Installer\MSI10D6.tmp-\DefMic.pdb source: DefMic.exe, 00000035.00000002.2622012019.00000000004FA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x64\viewer.pdbC source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdbb:<' source: DefMic.exe, 0000002C.00000002.2560034201.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbemp\MSI8B45.tmp-\DefMic.PDB source: DefMic.exe, 00000008.00000002.2283341118.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer\msi-installer\ByomCustomAction\ByomCustomAction\obj\x64\Release\ByomCustomAction.pdb source: rundll32.exe, 00000007.00000003.2274430481.0000017AB3D4B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E28000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB12F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B837F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B6028F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C19000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B43747000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705306A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575109052.0000013914E6E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.00000249632D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2615711052.000001D9F9D70000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2632594929.00000275452DB000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdbm source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: mC:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\DefMic.pdb source: DefMic.exe, 00000008.00000002.2283341118.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000007.00000003.2274430481.0000017AB3D4B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E28000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB12F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B837F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B6028F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C19000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B43747000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705306A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575109052.0000013914E6E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.00000249632D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2615711052.000001D9F9D70000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2632594929.00000275452DB000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Installer\MSI10D6.tmp-\DefMic.pdb source: DefMic.exe, 00000035.00000002.2622077757.0000000000650000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Installer\MSID5B7.tmp-\DefMic.pdb. source: DefMic.exe, 00000021.00000002.2471297325.00000000008B0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: UnpairDeviceApp.pdb^ source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: .0_4.0.0.0__b77a5c561934e089\mscorlib.pdb9\ source: DefMic.exe, 00000028.00000002.2551236682.0000000000F68000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XPath\4.0.3.0\System.Xml.XPath.pdb source: System.Xml.XPath.dll.1.dr
    Source: Binary string: symbols\exe\DefMic.pdb source: DefMic.exe, 00000008.00000002.2283341118.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000B.00000002.2294641298.0000000000AFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2302047187.00000000012FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2389501243.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2411485469.00000000010FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2551012296.0000000000D5A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2559593495.0000000000B5A000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdbSHA256 source: NLog.dll.1.dr
    Source: Binary string: enkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbe source: DefMic.exe, 0000000F.00000002.2302139876.00000000014A3000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\DefMic.pdbU source: DefMic.exe, 00000028.00000002.2551236682.0000000000F30000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdb} source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: enkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbo source: DefMic.exe, 00000017.00000002.2411501774.0000000001241000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Writer\4.0.2.0\System.Resources.Writer.pdbl( source: System.Resources.Writer.dll.1.dr
    Source: Binary string: \??\C:\Windows\Installer\MSIF4AE.tmp-\DefMic.PDBbM source: DefMic.exe, 00000028.00000002.2551236682.0000000000F55000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: enkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbs source: DefMic.exe, 00000014.00000002.2389680692.0000000000F4A000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: SBConference.Service.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\Installer\MSIFFF9.tmp-\DefMic.PDBby source: DefMic.exe, 00000031.00000002.2594285981.00000000007F0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdbb:@v source: DefMic.exe, 0000000B.00000002.2294905488.0000000000E1D000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\aipackagechainer.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdb% source: DefMic.exe, 00000014.00000002.2389680692.0000000000F3B000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\svn\happytimesoft\onvifclient\bin\x64\OnvifClientLibrary.pdb source: OnvifClientLibrary.dll.1.dr
    Source: Binary string: C:\Windows\DefMic.pdbpdbMic.pdb source: DefMic.exe, 00000008.00000002.2283383506.0000000000E72000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000B.00000002.2294905488.0000000000E50000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2389680692.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2471297325.00000000008B0000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2560034201.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2594285981.00000000007F0000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2622077757.0000000000650000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: dows\exe\DefMic.pdb source: DefMic.exe, 00000035.00000002.2622077757.0000000000650000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\NetFirewall.pdb; source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.pdb source: DefMic.exe, 0000000B.00000002.2294905488.0000000000E50000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: dows\dll\mscorlib.pdbV source: DefMic.exe, 00000021.00000002.2471297325.00000000008B0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mC:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.pdb source: DefMic.exe, 0000000B.00000002.2294641298.0000000000AFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2302047187.00000000012FA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: Release\DefMic.pdb/jII source: DefMic.exe, 00000008.00000002.2283383506.0000000000E72000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\DefMic.pdb source: DefMic.exe, 00000008.00000002.2283383506.0000000000E72000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2302139876.0000000001476000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2389680692.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2411501774.000000000122A000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2551236682.0000000000F30000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2594285981.00000000007F0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\DefMic.PDB source: DefMic.exe, 00000014.00000002.2389680692.0000000000F22000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdb source: DefMic.exe, 0000000F.00000002.2302139876.0000000001463000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2560034201.0000000000EE3000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2594285981.00000000007DB000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mC:\Users\user\AppData\Local\Temp\MSIB601.tmp-\DefMic.pdb source: DefMic.exe, 00000014.00000002.2389501243.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: dows\dll\mscorlib.pdbq source: DefMic.exe, 00000014.00000002.2389680692.0000000000F3B000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\mscorlib.pdb8LM source: DefMic.exe, 00000017.00000002.2411501774.000000000122A000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\DefMic.pdb/ source: DefMic.exe, 00000021.00000002.2471297325.0000000000890000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Installer\MSIF4AE.tmp-\DefMic.pdbesCH source: DefMic.exe, 0000002C.00000002.2560034201.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\DefMic.pdb. source: DefMic.exe, 0000000F.00000002.2302139876.0000000001476000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mC:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\DefMic.pdb source: DefMic.exe, 00000017.00000002.2411485469.00000000010FA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb+ source: DefMic.exe, 00000031.00000002.2594285981.00000000007DB000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbmp-\DefMic.PDB source: DefMic.exe, 00000021.00000002.2471142553.000000000073A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2551012296.0000000000D5A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2559593495.0000000000B5A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2594040304.000000000055A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2622012019.00000000004FA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: SBConference.ViewModel.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.IsolatedStorage\4.0.2.0\System.IO.IsolatedStorage.pdb source: System.IO.IsolatedStorage.dll.1.dr
    Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000007.00000003.2274430481.0000017AB3D4B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E28000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB12F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B837F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B6028F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C19000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B43747000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705306A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575109052.0000013914E6E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.00000249632D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2615711052.000001D9F9D70000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2632594929.00000275452DB000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: XamlAnimatedGif.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\mscorlib.pdb# source: DefMic.exe, 00000014.00000002.2389680692.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdbbU source: DefMic.exe, 00000028.00000002.2551236682.0000000000F1C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_Nra source: DefMic.exe, 0000002C.00000002.2560034201.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdbbH source: DefMic.exe, 00000031.00000002.2594285981.00000000007DB000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdbM@Z source: DefMic.exe, 00000028.00000002.2551236682.0000000000F55000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdbb*I source: DefMic.exe, 00000008.00000002.2283383506.0000000000E5C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Installer\MSIFFF9.tmp-\DefMic.pdb source: DefMic.exe, 00000031.00000002.2594285981.00000000007F0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: e:\ExpressionRTM\Sparkle\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\System.Windows.Interactivity\Win32\Release\System.Windows.Interactivity.pdb source: System.Windows.Interactivity.dll.1.dr
    Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbOmIR2 source: DefMic.exe, 0000000F.00000002.2302139876.0000000001497000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Installer\MSI10D6.tmp-\DefMic.pdbes source: DefMic.exe, 00000035.00000002.2622077757.0000000000650000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\DefMic.PDBs$ source: DefMic.exe, 00000017.00000002.2411501774.0000000001241000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\DefMic.pdb source: DefMic.exe, 00000014.00000002.2389680692.0000000000F22000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Installer\MSIFFF9.tmp-\DefMic.pdbes source: DefMic.exe, 00000031.00000002.2594285981.00000000007F0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\Users\ScreenBeam\Projects\sb-conference-installer\byom-rtsp-client\sbdrvmgr\sbdrvmgr\obj\x64\Release\sbdrvmgr.pdb source: rundll32.exe, 00000007.00000003.2274578787.0000017AB22F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2274539346.0000017AB22F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2274430481.0000017AB3D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288912821.0000020FA7371000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E5C000.00000004.00000020.00020000.00000000.sdmp, sbdrvmgr.exe, 0000000D.00000000.2295702685.000001E6EBCC2000.00000002.00000001.01000000.0000000C.sdmp, rundll32.exe, 00000013.00000003.2383949526.000001F5D9542000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB163000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395878430.00000298B68B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B83B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B602C3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422266724.0000020B5E850000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422207004.0000020B5E850000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2465117874.00000202E10A0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B4377B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484246063.0000024B41D71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544271774.000002705155F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705309E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575312221.0000013913361000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575109052.0000013914EA2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.000002496330A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600719988.0000024961770000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600794506.0000024961770000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2615711052.000001D9F9DA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2615961862.000001D9F8331000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2616070440.000001D9F8331000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2632594929.000002754530F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000
    Source: Binary string: SBConference.Common.pdb_1 source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbt source: DefMic.exe, 00000021.00000002.2471297325.0000000000890000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: ScreenBeam_Conference_Windows.msi, MSI9257.tmp.0.dr, MSI9227.tmp.0.dr
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Process\4.1.2.0\System.Diagnostics.Process.pdb source: System.Diagnostics.Process.dll.1.dr
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\DefMic.pdbs source: DefMic.exe, 00000008.00000002.2283383506.0000000000E72000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.pdb089Z# S source: DefMic.exe, 0000000F.00000002.2302139876.0000000001476000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdbb source: DefMic.exe, 00000014.00000002.2389680692.0000000000EFF000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2411501774.00000000011FC000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2471297325.000000000087B000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2560034201.0000000000EE3000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2622077757.000000000063C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mC:\Windows\Installer\MSID5B7.tmp-\DefMic.pdb source: DefMic.exe, 00000021.00000002.2471142553.000000000073A000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: MahApps.Metro.pdbx& source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.pdbst source: DefMic.exe, 0000000B.00000002.2294905488.0000000000E50000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdberDataFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\Lo source: DefMic.exe, 0000000B.00000002.2294905488.0000000000E63000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdbb6 source: DefMic.exe, 00000028.00000002.2551236682.0000000000F1C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XDocument\4.0.11.0\System.Xml.XDocument.pdb source: System.Xml.XDocument.dll.1.dr
    Source: Binary string: C:\svn\happytimesoft\onvifclient\bin\x64\OnvifClientLibrary.pdb22 source: OnvifClientLibrary.dll.1.dr
    Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: rundll32.exe, 00000007.00000003.2274430481.0000017AB3D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E5C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB163000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B83B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B602C3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B4377B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705309E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575109052.0000013914EA2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.000002496330A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2615711052.000001D9F9DA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2632594929.000002754530F000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.32.dr
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdbb source: DefMic.exe, 00000008.00000002.2283383506.0000000000E72000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2471297325.00000000008B0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, Newtonsoft.Json.dll.32.dr
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdbb" source: DefMic.exe, 0000000F.00000002.2302139876.0000000001463000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: DefMic.exe, 00000021.00000002.2471297325.0000000000890000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdbT source: DefMic.exe, 0000000B.00000002.2294905488.0000000000E50000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdbM} source: DefMic.exe, 00000017.00000002.2411501774.0000000001233000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\NetFirewall.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdba^k source: DefMic.exe, 00000014.00000002.2389680692.0000000000F22000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\mscorlib.pdbg source: DefMic.exe, 00000021.00000002.2471297325.0000000000890000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\DefMic.pdbrE source: DefMic.exe, 00000035.00000002.2622077757.0000000000650000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem.Primitives\4.0.3.0\System.IO.FileSystem.Primitives.pdb source: System.IO.FileSystem.Primitives.dll.1.dr
    Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: DefMic.exe, 00000008.00000002.2283383506.0000000000E5C000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2471297325.000000000087B000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2560034201.0000000000EE3000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Collections.NonGeneric\4.0.3.0\System.Collections.NonGeneric.pdb source: System.Collections.NonGeneric.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\ExternalUICleaner.pdb3 source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: }enkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdb} source: DefMic.exe, 00000031.00000002.2594285981.0000000000822000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbXm^R3 source: DefMic.exe, 0000000F.00000002.2302139876.0000000001497000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdb== source: DefMic.exe, 00000008.00000002.2283383506.0000000000E72000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Installer\MSID5B7.tmp-\DefMic.PDB source: DefMic.exe, 00000021.00000002.2471297325.00000000008B0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdb source: rundll32.exe, DefMic.exe
    Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb1c source: DefMic.exe, 00000031.00000002.2594285981.00000000007F0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\mscorlib.pdbu source: DefMic.exe, 0000000B.00000002.2294905488.0000000000E31000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: ssymbols\exe\DefMic.pdb source: DefMic.exe, 00000021.00000002.2471142553.000000000073A000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\mscorlib.pdbv source: DefMic.exe, 0000000F.00000002.2302139876.0000000001476000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Serialization.Json\4.0.1.0\System.Runtime.Serialization.Json.pdb source: System.Runtime.Serialization.Json.dll.1.dr
    Source: Binary string: mC:\Windows\Installer\MSIFFF9.tmp-\DefMic.pdb source: DefMic.exe, 00000031.00000002.2594040304.000000000055A000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: m.pdb source: DefMic.exe
    Source: Binary string: mC:\Windows\Installer\MSIF4AE.tmp-\DefMic.pdb source: DefMic.exe, 00000028.00000002.2551012296.0000000000D5A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2559593495.0000000000B5A000.00000004.00000010.00020000.00000000.sdmp
    Source: C:\Windows\System32\msiexec.exe File opened: z:
    Source: C:\Windows\System32\msiexec.exe File opened: x:
    Source: C:\Windows\System32\msiexec.exe File opened: v:
    Source: C:\Windows\System32\msiexec.exe File opened: t:
    Source: C:\Windows\System32\msiexec.exe File opened: r:
    Source: C:\Windows\System32\msiexec.exe File opened: p:
    Source: C:\Windows\System32\msiexec.exe File opened: n:
    Source: C:\Windows\System32\msiexec.exe File opened: l:
    Source: C:\Windows\System32\msiexec.exe File opened: j:
    Source: C:\Windows\System32\msiexec.exe File opened: h:
    Source: C:\Windows\System32\msiexec.exe File opened: f:
    Source: C:\Windows\System32\msiexec.exe File opened: b:
    Source: C:\Windows\System32\msiexec.exe File opened: y:
    Source: C:\Windows\System32\msiexec.exe File opened: w:
    Source: C:\Windows\System32\msiexec.exe File opened: u:
    Source: C:\Windows\System32\msiexec.exe File opened: s:
    Source: C:\Windows\System32\msiexec.exe File opened: q:
    Source: C:\Windows\System32\msiexec.exe File opened: o:
    Source: C:\Windows\System32\msiexec.exe File opened: m:
    Source: C:\Windows\System32\msiexec.exe File opened: k:
    Source: C:\Windows\System32\msiexec.exe File opened: i:
    Source: C:\Windows\System32\msiexec.exe File opened: g:
    Source: C:\Windows\System32\msiexec.exe File opened: e:
    Source: C:\Windows\System32\msiexec.exe File opened: c:
    Source: C:\Windows\System32\msiexec.exe File opened: a:

    Networking

    Source: Yara match File source: C:\Program Files\ScreenBeam\Conference\service\netstandard.dll, type: DROPPED
    Source: ScreenBeam_Conference_Windows.msi String found in binary or memory: http://appsyndication.org/2006/appsynapplicationapuputil.cppupgradeexclusivetrueenclosuredigestalgor
    Source: rundll32.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
    Source: ScreenBeam_Conference_Windows.msi, System.IO.FileSystem.Primitives.dll.1.dr, System.IO.IsolatedStorage.dll.1.dr, System.Xml.XDocument.dll.1.dr, System.Reflection.Primitives.dll.1.dr, System.Data.Common.dll.1.dr, System.Runtime.Serialization.Json.dll.1.dr, System.Collections.NonGeneric.dll.1.dr, System.Xml.XPath.dll.1.dr, System.Diagnostics.Process.dll.1.dr, System.Windows.Interactivity.dll.1.dr, System.Resources.Writer.dll.1.dr, System.IO.dll.1.dr, System.Resources.ResourceManager.dll.1.dr, OnvifClientLibrary.dll.1.dr, SBConference.Model.dll.1.dr, NLog.dll.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
    Source: rundll32.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
    Source: rundll32.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
    Source: ScreenBeam_Conference_Windows.msi, System.IO.FileSystem.Primitives.dll.1.dr, System.IO.IsolatedStorage.dll.1.dr, System.Xml.XDocument.dll.1.dr, System.Reflection.Primitives.dll.1.dr, System.Data.Common.dll.1.dr, System.Runtime.Serialization.Json.dll.1.dr, System.Collections.NonGeneric.dll.1.dr, System.Xml.XPath.dll.1.dr, System.Diagnostics.Process.dll.1.dr, System.Windows.Interactivity.dll.1.dr, System.Resources.Writer.dll.1.dr, System.IO.dll.1.dr, System.Resources.ResourceManager.dll.1.dr, OnvifClientLibrary.dll.1.dr, SBConference.Model.dll.1.dr, NLog.dll.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
    Source: ScreenBeam_Conference_Windows.msi, System.IO.FileSystem.Primitives.dll.1.dr, System.IO.IsolatedStorage.dll.1.dr, System.Xml.XDocument.dll.1.dr, System.Reflection.Primitives.dll.1.dr, System.Data.Common.dll.1.dr, System.Runtime.Serialization.Json.dll.1.dr, System.Collections.NonGeneric.dll.1.dr, System.Xml.XPath.dll.1.dr, System.Diagnostics.Process.dll.1.dr, System.Windows.Interactivity.dll.1.dr, System.Resources.Writer.dll.1.dr, System.IO.dll.1.dr, System.Resources.ResourceManager.dll.1.dr, OnvifClientLibrary.dll.1.dr, SBConference.Model.dll.1.dr, NLog.dll.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: ScreenBeam_Conference_Windows.msi, System.IO.FileSystem.Primitives.dll.1.dr, System.IO.IsolatedStorage.dll.1.dr, System.Xml.XDocument.dll.1.dr, System.Reflection.Primitives.dll.1.dr, System.Data.Common.dll.1.dr, System.Runtime.Serialization.Json.dll.1.dr, System.Collections.NonGeneric.dll.1.dr, System.Xml.XPath.dll.1.dr, System.Diagnostics.Process.dll.1.dr, System.Windows.Interactivity.dll.1.dr, System.Resources.Writer.dll.1.dr, System.IO.dll.1.dr, System.Resources.ResourceManager.dll.1.dr, OnvifClientLibrary.dll.1.dr, SBConference.Model.dll.1.dr, NLog.dll.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    Source: rundll32.exe, Newtonsoft.Json.dll.32.dr String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
    Source: ScreenBeam_Conference_Windows.msi, System.IO.FileSystem.Primitives.dll.1.dr, System.IO.IsolatedStorage.dll.1.dr, System.Xml.XDocument.dll.1.dr, System.Reflection.Primitives.dll.1.dr, System.Data.Common.dll.1.dr, System.Runtime.Serialization.Json.dll.1.dr, System.Collections.NonGeneric.dll.1.dr, System.Xml.XPath.dll.1.dr, System.Diagnostics.Process.dll.1.dr, System.Windows.Interactivity.dll.1.dr, System.Resources.Writer.dll.1.dr, System.IO.dll.1.dr, System.Resources.ResourceManager.dll.1.dr, OnvifClientLibrary.dll.1.dr, SBConference.Model.dll.1.dr, NLog.dll.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
    Source: rundll32.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
    Source: rundll32.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
    Source: rundll32.exe, Newtonsoft.Json.dll.32.dr String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
    Source: ScreenBeam_Conference_Windows.msi, System.IO.FileSystem.Primitives.dll.1.dr, System.IO.IsolatedStorage.dll.1.dr, System.Xml.XDocument.dll.1.dr, System.Reflection.Primitives.dll.1.dr, System.Data.Common.dll.1.dr, System.Runtime.Serialization.Json.dll.1.dr, System.Collections.NonGeneric.dll.1.dr, System.Xml.XPath.dll.1.dr, System.Diagnostics.Process.dll.1.dr, System.Windows.Interactivity.dll.1.dr, System.Resources.Writer.dll.1.dr, System.IO.dll.1.dr, System.Resources.ResourceManager.dll.1.dr, OnvifClientLibrary.dll.1.dr, SBConference.Model.dll.1.dr, NLog.dll.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
    Source: ScreenBeam_Conference_Windows.msi, System.IO.FileSystem.Primitives.dll.1.dr, System.IO.IsolatedStorage.dll.1.dr, System.Xml.XDocument.dll.1.dr, System.Reflection.Primitives.dll.1.dr, System.Data.Common.dll.1.dr, System.Runtime.Serialization.Json.dll.1.dr, System.Collections.NonGeneric.dll.1.dr, System.Xml.XPath.dll.1.dr, System.Diagnostics.Process.dll.1.dr, System.Windows.Interactivity.dll.1.dr, System.Resources.Writer.dll.1.dr, System.IO.dll.1.dr, System.Resources.ResourceManager.dll.1.dr, OnvifClientLibrary.dll.1.dr, SBConference.Model.dll.1.dr, NLog.dll.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    Source: NLog.dll.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
    Source: rundll32.exe, Newtonsoft.Json.dll.32.dr String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
    Source: rundll32.exe String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
    Source: rundll32.exe, 00000007.00000003.2274578787.0000017AB22F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2274539346.0000017AB22F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2274430481.0000017AB3D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288912821.0000020FA7371000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E5C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383949526.000001F5D9542000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB163000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395878430.00000298B68B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B83B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B602C3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422266724.0000020B5E850000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422207004.0000020B5E850000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2465117874.00000202E10A0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B4377B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484246063.0000024B41D71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544271774.000002705155F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705309E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575312221.0000013913361000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000030.00000003.2575109052.0000013914EA2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.000002496330A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
    Source: rundll32.exe, 00000007.00000003.2274578787.0000017AB22F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2274539346.0000017AB22F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2274430481.0000017AB3D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288912821.0000020FA7371000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E5C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383949526.000001F5D9542000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB163000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395878430.00000298B68B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B83B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B602C3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422266724.0000020B5E850000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422207004.0000020B5E850000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2465117874.00000202E10A0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B4377B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484246063.0000024B41D71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544271774.000002705155F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705309E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575312221.0000013913361000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000030.00000003.2575109052.0000013914EA2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.000002496330A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
    Source: ScreenBeam_Conference_Windows.msi, System.IO.FileSystem.Primitives.dll.1.dr, System.IO.IsolatedStorage.dll.1.dr, System.Xml.XDocument.dll.1.dr, System.Reflection.Primitives.dll.1.dr, System.Data.Common.dll.1.dr, System.Runtime.Serialization.Json.dll.1.dr, System.Collections.NonGeneric.dll.1.dr, System.Xml.XPath.dll.1.dr, System.Diagnostics.Process.dll.1.dr, System.Windows.Interactivity.dll.1.dr, System.Resources.Writer.dll.1.dr, System.IO.dll.1.dr, System.Resources.ResourceManager.dll.1.dr, OnvifClientLibrary.dll.1.dr, SBConference.Model.dll.1.dr, NLog.dll.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
    Source: rundll32.exe, 00000007.00000003.2274430481.0000017AB3D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E5C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB163000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B83B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B602C3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B4377B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705309E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575109052.0000013914EA2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.000002496330A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2615711052.000001D9F9DA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2632594929.000002754530F000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.32.drString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
    Source: rundll32.exe, 00000007.00000003.2274578787.0000017AB22F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2274539346.0000017AB22F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2274430481.0000017AB3D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288912821.0000020FA7371000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E5C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383949526.000001F5D9542000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB163000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395878430.00000298B68B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B83B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B602C3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422266724.0000020B5E850000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422207004.0000020B5E850000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2465117874.00000202E10A0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B4377B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484246063.0000024B41D71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544271774.000002705155F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705309E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575312221.0000013913361000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000030.00000003.2575109052.0000013914EA2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.000002496330A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
    Source: rundll32.exe, 00000007.00000003.2274578787.0000017AB22F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2274539346.0000017AB22F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2274430481.0000017AB3D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288912821.0000020FA7371000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E5C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383949526.000001F5D9542000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB163000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395878430.00000298B68B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B83B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B602C3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422266724.0000020B5E850000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422207004.0000020B5E850000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2465117874.00000202E10A0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B4377B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484246063.0000024B41D71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544271774.000002705155F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705309E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575312221.0000013913361000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000030.00000003.2575109052.0000013914EA2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.000002496330A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://docs.oasis-open.org/wsn/bw-2/NotificationProducer/SubscribeRequest
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://docs.oasis-open.org/wsn/bw-2/PausableSubscriptionManager/PauseSubscriptionRequest
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://docs.oasis-open.org/wsn/bw-2/PausableSubscriptionManager/ResumeSubscriptionRequest
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://docs.oasis-open.org/wsn/bw-2/PullPoint/DestroyPullPointRequest
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://docs.oasis-open.org/wsn/bw-2/PullPoint/GetMessagesRequest
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://docs.oasis-open.org/wsn/bw-2/SubscriptionManager/RenewRequest
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://docs.oasis-open.org/wsn/bw-2/SubscriptionManager/UnsubscribeRequest
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest
    Source: Newtonsoft.Json.dll.32.drString found in binary or memory: http://james.newtonking.com/projects/json
    Source: avcodec-58.dll.1.drString found in binary or memory: http://lame.sf.net
    Source: avcodec-58.dll.1.drString found in binary or memory: http://lame.sf.net64bits../../lame-3.100/libmp3lame/mpglib_interface.c0
    Source: rundll32.exe, 00000039.00000002.2638501611.00000275437C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://msdn.m
    Source: rundll32.exe, 00000016.00000002.2418388407.00000298B68F9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000002.2638501611.00000275437C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://msdn.micro
    Source: rundll32.exe, 0000001B.00000002.2428761935.0000020B5E8EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://msdn.microso
    Source: NLog.dll.1.drString found in binary or memory: http://nlog-project.org/dummynamespace/
    Source: NLog.dll.1.drString found in binary or memory: http://nlog-project.org/ws/
    Source: NLog.dll.1.drString found in binary or memory: http://nlog-project.org/ws/3
    Source: NLog.dll.1.drString found in binary or memory: http://nlog-project.org/ws/5
    Source: NLog.dll.1.drString found in binary or memory: http://nlog-project.org/ws/ILogReceiverOneWayServer/ProcessLogMessages
    Source: NLog.dll.1.drString found in binary or memory: http://nlog-project.org/ws/ILogReceiverServer/ProcessLogMessagesResponsep
    Source: NLog.dll.1.drString found in binary or memory: http://nlog-project.org/ws/ILogReceiverServer/ProcessLogMessagesT
    Source: NLog.dll.1.drString found in binary or memory: http://nlog-project.org/ws/T
    Source: ScreenBeam_Conference_Windows.msi, System.IO.FileSystem.Primitives.dll.1.dr, System.IO.IsolatedStorage.dll.1.dr, System.Xml.XDocument.dll.1.dr, System.Reflection.Primitives.dll.1.dr, System.Data.Common.dll.1.dr, System.Runtime.Serialization.Json.dll.1.dr, System.Collections.NonGeneric.dll.1.dr, System.Xml.XPath.dll.1.dr, System.Diagnostics.Process.dll.1.dr, System.Windows.Interactivity.dll.1.dr, System.Resources.Writer.dll.1.dr, System.IO.dll.1.dr, System.Resources.ResourceManager.dll.1.dr, OnvifClientLibrary.dll.1.dr, SBConference.Model.dll.1.dr, NLog.dll.1.drString found in binary or memory: http://ocsp.digicert.com0
    Source: ScreenBeam_Conference_Windows.msi, System.IO.FileSystem.Primitives.dll.1.dr, System.IO.IsolatedStorage.dll.1.dr, System.Xml.XDocument.dll.1.dr, System.Reflection.Primitives.dll.1.dr, System.Data.Common.dll.1.dr, System.Runtime.Serialization.Json.dll.1.dr, System.Collections.NonGeneric.dll.1.dr, System.Xml.XPath.dll.1.dr, System.Diagnostics.Process.dll.1.dr, System.Windows.Interactivity.dll.1.dr, System.Resources.Writer.dll.1.dr, System.IO.dll.1.dr, System.Resources.ResourceManager.dll.1.dr, OnvifClientLibrary.dll.1.dr, SBConference.Model.dll.1.dr, NLog.dll.1.drString found in binary or memory: http://ocsp.digicert.com0A
    Source: rundll32.exe, 00000007.00000003.2274578787.0000017AB22F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2274539346.0000017AB22F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2274430481.0000017AB3D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288912821.0000020FA7371000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E5C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383949526.000001F5D9542000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB163000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395878430.00000298B68B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B83B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B602C3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422266724.0000020B5E850000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422207004.0000020B5E850000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2465117874.00000202E10A0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B4377B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484246063.0000024B41D71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544271774.000002705155F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705309E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575312221.0000013913361000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000030.00000003.2575109052.0000013914EA2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.000002496330A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
    Source: rundll32.exe, 00000007.00000003.2274430481.0000017AB3D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E5C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB163000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B83B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B602C3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B4377B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705309E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575109052.0000013914EA2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.000002496330A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2615711052.000001D9F9DA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2632594929.000002754530F000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.32.drString found in binary or memory: http://ocsp.digicert.com0K
    Source: rundll32.exe, 00000007.00000003.2274578787.0000017AB22F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2274539346.0000017AB22F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2274430481.0000017AB3D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288912821.0000020FA7371000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E5C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383949526.000001F5D9542000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB163000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395878430.00000298B68B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B83B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B602C3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422266724.0000020B5E850000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422207004.0000020B5E850000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2465117874.00000202E10A0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B4377B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484246063.0000024B41D71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544271774.000002705155F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705309E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575312221.0000013913361000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000030.00000003.2575109052.0000013914EA2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.000002496330A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
    Source: rundll32.exe, 00000007.00000003.2274578787.0000017AB22F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2274539346.0000017AB22F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2274430481.0000017AB3D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288912821.0000020FA7371000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E5C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383949526.000001F5D9542000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB163000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395878430.00000298B68B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B83B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B602C3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422266724.0000020B5E850000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422207004.0000020B5E850000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2465117874.00000202E10A0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B4377B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484246063.0000024B41D71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544271774.000002705155F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705309E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575312221.0000013913361000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000030.00000003.2575109052.0000013914EA2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.000002496330A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
    Source: ScreenBeam_Conference_Windows.msi, System.IO.FileSystem.Primitives.dll.1.dr, System.IO.IsolatedStorage.dll.1.dr, System.Xml.XDocument.dll.1.dr, System.Reflection.Primitives.dll.1.dr, System.Data.Common.dll.1.dr, System.Runtime.Serialization.Json.dll.1.dr, System.Collections.NonGeneric.dll.1.dr, System.Xml.XPath.dll.1.dr, System.Diagnostics.Process.dll.1.dr, System.Windows.Interactivity.dll.1.dr, System.Resources.Writer.dll.1.dr, System.IO.dll.1.dr, System.Resources.ResourceManager.dll.1.dr, OnvifClientLibrary.dll.1.dr, SBConference.Model.dll.1.dr, NLog.dll.1.drString found in binary or memory: http://ocsp.digicert.com0X
    Source: SBConference.Model.dll.1.drString found in binary or memory: http://schemas.screenbeam.com/resources
    Source: NLog.dll.1.drString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
    Source: rundll32.exe, 00000007.00000003.2274430481.0000017AB3D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E5C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB163000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B83B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B602C3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B4377B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705309E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575109052.0000013914EA2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.000002496330A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2615711052.000001D9F9DA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2632594929.000002754530F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wixtoolset.org
    Source: rundll32.exe, 00000007.00000003.2274430481.0000017AB3D4B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E28000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB12F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B837F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B6028F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C19000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B43747000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705306A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575109052.0000013914E6E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.00000249632D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2615711052.000001D9F9D70000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2632594929.00000275452DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v
    Source: rundll32.exe, 00000007.00000003.2274430481.0000017AB3D4B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E28000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB12F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B837F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B6028F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C19000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B43747000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705306A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575109052.0000013914E6E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.00000249632D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2615711052.000001D9F9D70000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2632594929.00000275452DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wixtoolset.org/news/
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/CreateReceiver
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/CreateReceiverl
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/DeleteReceiver
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/DeleteReceiverm
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/GetReceiver
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/GetReceiverState
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/GetReceiverStatep
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/GetReceiverk
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/GetReceivers
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/GetReceiversj
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/GetServiceCapabilities
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/GetServiceCapabilitiesi
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/SetReceiverMode
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/receiver/wsdl/SetReceiverModeo
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/CreateRecording
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/CreateRecordingJob
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/CreateTrack
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/DeleteRecording
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/DeleteRecordingJob
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/DeleteTrack
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/GetRecordingConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/GetRecordingJobConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/GetRecordingJobState
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/GetRecordingJobs
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/GetRecordingOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/GetRecordings
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/GetServiceCapabilities
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/GetTrackConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/SetRecordingConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/SetRecordingJobConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/SetRecordingJobMode
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/recording/wsdl/SetTrackConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/replay/wsdl/GetReplayConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/replay/wsdl/GetReplayUri
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/replay/wsdl/GetServiceCapabilities
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/replay/wsdl/SetReplayConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/CreateSchedule
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/CreateSpecialDayGroup
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/CreateSpecialDayGroupe
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/DeleteSchedule
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/DeleteSpecialDayGroup
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/DeleteSpecialDayGroupg
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetScheduleInfo
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetScheduleInfoList
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetScheduleInfoZ
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetScheduleList
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetScheduleState
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetScheduleStateh
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetSchedules
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetServiceCapabilities
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetServiceCapabilitiesY
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetSpecialDayGroupInfo
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetSpecialDayGroupInfoList
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetSpecialDayGroupInfoListb
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetSpecialDayGroupInfoa
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetSpecialDayGroupList
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetSpecialDayGroupListd
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetSpecialDayGroups
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/GetSpecialDayGroupsc
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/ModifySchedule
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/ModifySchedule_
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/ModifySpecialDayGroup
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/schedule/wsdl/ModifySpecialDayGroupf
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/EndSearch
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/FindEvents
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/FindMetadata
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/FindPTZPosition
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/FindRecordings
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/GetEventSearchResults
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/GetMediaAttributes
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/GetMetadataSearchResults
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/GetPTZPositionSearchResults
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/GetRecordingInformation
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/GetRecordingSearchResults
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/GetRecordingSummary
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/GetSearchState
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/search/wsdl/GetServiceCapabilities
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/GetConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/GetConfiguration8
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/GetConfigurationOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/GetConfigurationOptions:
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/GetConfigurations
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/GetConfigurations7
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/GetRadiometryConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/GetRadiometryConfiguration;
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/GetRadiometryConfigurationOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/GetRadiometryConfigurationOptions=
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/GetServiceCapabilities
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/GetServiceCapabilities6
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/SetConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/SetConfiguration9
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/thermal/wsdl/SetRadiometryConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/tptz/PanTiltSpaces/GenericSpeedSpace
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/tptz/PanTiltSpaces/PositionGenericSpace
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/tptz/PanTiltSpaces/TranslationGenericSpace
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/tptz/PanTiltSpaces/VelocityGenericSpace
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/tptz/ZoomSpaces/PositionGenericSpace
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/tptz/ZoomSpaces/TranslationGenericSpace
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/tptz/ZoomSpaces/VelocityGenericSpace
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver10/tptz/ZoomSpaces/ZoomGenericSpeedSpace
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/analytics/wsdl/CreateAnalyticsModules
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/analytics/wsdl/CreateRules
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/analytics/wsdl/DeleteAnalyticsModules
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/analytics/wsdl/DeleteRules
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/analytics/wsdl/GetAnalyticsModuleOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/analytics/wsdl/GetAnalyticsModules
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/analytics/wsdl/GetRuleOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/analytics/wsdl/GetRules
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/analytics/wsdl/GetServiceCapabilities
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/analytics/wsdl/GetSupportedAnalyticsModules
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/analytics/wsdl/GetSupportedRules
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/analytics/wsdl/ModifyAnalyticsModules
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/analytics/wsdl/ModifyRules
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/imaging/wsdl/FocusStop
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/imaging/wsdl/GetCurrentPreset
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/imaging/wsdl/GetImagingSettings
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/imaging/wsdl/GetMoveOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/imaging/wsdl/GetOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/imaging/wsdl/GetPresets
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/imaging/wsdl/GetServiceCapabilities
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/imaging/wsdl/GetStatus
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/imaging/wsdl/Move
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/imaging/wsdl/SetCurrentPreset
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/imaging/wsdl/SetImagingSettings
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/AddConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/CreateMask
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/CreateOSD
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/CreateProfile
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/DeleteMask
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/DeleteOSD
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/DeleteProfile
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetAnalyticsConfigurations
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetAudioDecoderConfigurationOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetAudioDecoderConfigurations
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetAudioEncoderConfigurationOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetAudioEncoderConfigurations
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetAudioOutputConfigurationOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetAudioOutputConfigurations
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetAudioSourceConfigurationOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetAudioSourceConfigurations
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetMaskOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetMasks
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetMetadataConfigurationOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetMetadataConfigurations
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetOSDOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetOSDs
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetProfiles
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetServiceCapabilities
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetSnapshotUri
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetStreamUri
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetVideoEncoderConfigurationOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetVideoEncoderConfigurations
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetVideoEncoderInstances
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetVideoSourceConfigurationOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetVideoSourceConfigurations
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/GetVideoSourceModes
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/RemoveConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/SetAudioDecoderConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/SetAudioEncoderConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/SetAudioOutputConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/SetAudioSourceConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/SetMask
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/SetMetadataConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/SetOSD
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/SetSynchronizationPoint
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/SetVideoEncoderConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/SetVideoSourceConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/SetVideoSourceMode
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/StartMulticastStreaming
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/media/wsdl/StopMulticastStreaming
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/AbsoluteMove
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/ContinuousMove
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/CreatePresetTour
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GeoMove
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GetConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GetConfigurationOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GetConfigurations
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GetNode
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GetNodes
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GetPresetTour
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GetPresetTourOptions
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GetPresetTours
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GetPresets
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GetServiceCapabilities
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GetStatus
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GotoHomePosition
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/GotoPreset
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/ModifyPresetTour
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/OperatePresetTour
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/RelativeMove
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/RemovePreset
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/RemovePresetTour
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/SendAuxiliaryCommand
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/SetConfiguration
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/SetHomePosition
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/SetPreset
    Source: OnvifClientLibrary.dll.1.drString found in binary or memory: http://www.onvif.org/ver20/ptz/wsdl/Stop
    Source: vacscbkd.inf0.1.drString found in binary or memory: http://www.screenbeam.com
    Source: avcodec-58.dll.1.drString found in binary or memory: http://www.twolame.org/
    Source: avcodec-58.dll.1.drString found in binary or memory: http://www.twolame.org/MPEG-1MPEG-2
    Source: avcodec-58.dll.1.drString found in binary or memory: http://www.videolan.org/x264.html
    Source: avcodec-58.dll.1.drString found in binary or memory: http://x265.org
    Source: rundll32.exe, 00000007.00000003.2274430481.0000017AB3D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E5C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB163000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B83B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B602C3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B4377B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705309E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575109052.0000013914EA2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.000002496330A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2615711052.000001D9F9DA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2632594929.000002754530F000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.32.drString found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
    Source: NLog.dll.1.drString found in binary or memory: https://nlog-project.org/
    Source: rundll32.exe, 00000039.00000003.2632594929.00000275452DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.screenbeam.com
    Source: rundll32.exe, 00000007.00000003.2274578787.0000017AB22F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2274539346.0000017AB22F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2274430481.0000017AB3D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288912821.0000020FA7371000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E5C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383949526.000001F5D9542000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB163000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395878430.00000298B68B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B83B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B602C3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422266724.0000020B5E850000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422207004.0000020B5E850000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2465117874.00000202E10A0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B4377B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484246063.0000024B41D71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544271774.000002705155F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705309E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575312221.0000013913361000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000030.00000003.2575109052.0000013914EA2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.000002496330A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
    Source: rundll32.exe, 00000007.00000003.2274430481.0000017AB3D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E5C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB163000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B83B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B602C3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B4377B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705309E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575109052.0000013914EA2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.000002496330A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2615711052.000001D9F9DA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2632594929.000002754530F000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.32.drString found in binary or memory: https://www.newtonsoft.com/json
    Source: Newtonsoft.Json.dll.32.drString found in binary or memory: https://www.newtonsoft.com/jsonschema
    Source: NLog.dll.1.drString found in binary or memory: https://www.nuget.org/packages/NLog.Web.AspNetCore
    Source: rundll32.exe, 00000007.00000003.2274430481.0000017AB3D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E5C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB163000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B83B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B602C3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B4377B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705309E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575109052.0000013914EA2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.000002496330A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2615711052.000001D9F9DA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2632594929.000002754530F000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.32.drString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x64\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\62ca48.msi
    Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSID44B.tmp
    Source: SharpDX.DXGI.dll.1.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: System.Globalization.Extensions.dll.1.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: ScreenBeam_Conference_Windows.msiBinary or memory string: tLegalCopyrightCopyright (c) Microsoft Corporation. All rights reserved.L$OriginalFilenameVC_redist.x86.exe vs ScreenBeam_Conference_Windows.msi
    Source: ScreenBeam_Conference_Windows.msiBinary or memory string: tLegalCopyrightCopyright (c) Microsoft Corporation. All rights reserved.L$OriginalFilenameVC_redist.x64.exe vs ScreenBeam_Conference_Windows.msi
    Source: ScreenBeam_Conference_Windows.msiBinary or memory string: OriginalFilenameviewer.exeF vs ScreenBeam_Conference_Windows.msi
    Source: ScreenBeam_Conference_Windows.msiBinary or memory string: OriginalFileNameaipackagechainer.exeh vs ScreenBeam_Conference_Windows.msi
    Source: ScreenBeam_Conference_Windows.msiBinary or memory string: OriginalFilenameAICustAct.dllF vs ScreenBeam_Conference_Windows.msi
    Source: ScreenBeam_Conference_Windows.msiBinary or memory string: OriginalFilenameNetFirewall.dllF vs ScreenBeam_Conference_Windows.msi
    Source: ScreenBeam_Conference_Windows.msiBinary or memory string: OriginalFilenamePrereq.dllF vs ScreenBeam_Conference_Windows.msi
    Source: ScreenBeam_Conference_Windows.msiBinary or memory string: OriginalFilenameExternalUICleaner.dllF vs ScreenBeam_Conference_Windows.msi
    Source: ScreenBeam_Conference_Windows.msiBinary or memory string: OriginalFilenameByomCustomAction.dllB vs ScreenBeam_Conference_Windows.msi
    Source: ScreenBeam_Conference_Windows.msiBinary or memory string: OriginalFilenameSfxCA.dll\ vs ScreenBeam_Conference_Windows.msi
    Source: ScreenBeam_Conference_Windows.msiBinary or memory string: OriginalFilenameSoftwareDetector.dllF vs ScreenBeam_Conference_Windows.msi
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
    Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dll
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
    Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dll
    Source: classification engineClassification label: mal52.troj.evad.winMSI@96/422@0/0
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rundll32.exe.log
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI91A9.tmp
    Source: C:\Windows\System32\msiexec.exeFile read: C:\Windows\win.ini
    Source: C:\Windows\System32\msiexec.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
    Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\ScreenBeam_Conference_Windows.msi"
    Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 06B685FB1F6826D14A4ACA5AAE1577C5 C
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 3481905E088C370D775B2727350976C1 C
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI8B45.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6458234 90 ByomCustomAction!ByomCustomAction.CustomActions.SaveDefaultAudioSetting
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\DefMic.exe "DefMic.exe" --def
    Source: C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\DefMic.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI90F4.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6459640 100 ByomCustomAction!ByomCustomAction.CustomActions.VerifyDriverBusy
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\sbdrvmgr.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\sbdrvmgr.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\MSIB601.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6469109 128 ByomCustomAction!ByomCustomAction.CustomActions.SaveDefaultAudioSetting
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\DefMic.exe "DefMic.exe" --def
    Source: C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\DefMic.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6470359 138 ByomCustomAction!ByomCustomAction.CustomActions.GetSBUCRunningProcesses
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\DefMic.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\sbdrvmgr.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\MSIC545.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6473015 164 ByomCustomAction!ByomCustomAction.CustomActions.RemoveDriver
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Users\user\AppData\Local\Temp\MSIC545.tmp-\sbdrvmgr.exe sbdrvmgr.exe" --remove "ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Users\user\AppData\Local\Temp\MSIC545.tmp-\sbdrvmgr.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 9142454F69078BDCE0A87A3C5903BEB2
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 1105B354BECBE4DDF142AFD791CBBACB
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSID5B7.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6477312 133 ByomCustomAction!ByomCustomAction.CustomActions.GetSBUCRunningProcesses
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\Installer\MSID5B7.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\Installer\MSID5B7.tmp-\DefMic.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\Installer\MSID5B7.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\Installer\MSID5B7.tmp-\sbdrvmgr.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIDD79.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6479218 160 ByomCustomAction!ByomCustomAction.CustomActions.WaitForUnpairDeviceApp
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIF4AE.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6485156 168 ByomCustomAction!ByomCustomAction.CustomActions.StopSBUCProcesses
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\Installer\MSIF4AE.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\Installer\MSIF4AE.tmp-\DefMic.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\Installer\MSIF4AE.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\Installer\MSIF4AE.tmp-\sbdrvmgr.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\Installer\MSIF4AE.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\Installer\MSIF4AE.tmp-\DefMic.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\Installer\MSIF4AE.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\Installer\MSIF4AE.tmp-\sbdrvmgr.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIFFF9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6488062 220 ByomCustomAction!ByomCustomAction.CustomActions.SaveDefaultAudioSetting
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\Installer\MSIFFF9.tmp-\DefMic.exe "DefMic.exe" --def
    Source: C:\Windows\Installer\MSIFFF9.tmp-\DefMic.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIAF7.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6490875 230 ByomCustomAction!ByomCustomAction.CustomActions.SetIsInstallingTrue
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI10D6.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6492359 437 ByomCustomAction!ByomCustomAction.CustomActions.IsDriverBusy
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\Installer\MSI10D6.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\Installer\MSI10D6.tmp-\DefMic.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\Installer\MSI10D6.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\Installer\MSI10D6.tmp-\sbdrvmgr.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI175F.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6494031 452 ByomCustomAction!ByomCustomAction.CustomActions.DisableCampfilters
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32" /u /s "C:\Program Files\ScreenBeam\Conference\\app\Filters\x86\SBCamFilter32.dll
    Source: C:\Windows\System32\msiexec.exeProcess created: unknown unknown
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI8B45.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6458234 90 ByomCustomAction!ByomCustomAction.CustomActions.SaveDefaultAudioSettingJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI90F4.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6459640 100 ByomCustomAction!ByomCustomAction.CustomActions.VerifyDriverBusyJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\MSIB601.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6469109 128 ByomCustomAction!ByomCustomAction.CustomActions.SaveDefaultAudioSettingJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6470359 138 ByomCustomAction!ByomCustomAction.CustomActions.GetSBUCRunningProcessesJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\MSIC545.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6473015 164 ByomCustomAction!ByomCustomAction.CustomActions.RemoveDriverJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\DefMic.exe "DefMic.exe" --defJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.exe "DefMic.exe" --listJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5Jump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.exe "DefMic.exe" --listJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5Jump to behavior
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\DefMic.exe "DefMic.exe" --def
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSIC545.tmp-\sbdrvmgr.exe sbdrvmgr.exe" --remove "ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSID5B7.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6477312 133 ByomCustomAction!ByomCustomAction.CustomActions.GetSBUCRunningProcesses
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIDD79.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6479218 160 ByomCustomAction!ByomCustomAction.CustomActions.WaitForUnpairDeviceApp
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIF4AE.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6485156 168 ByomCustomAction!ByomCustomAction.CustomActions.StopSBUCProcesses
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIFFF9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6488062 220 ByomCustomAction!ByomCustomAction.CustomActions.SaveDefaultAudioSetting
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIAF7.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6490875 230 ByomCustomAction!ByomCustomAction.CustomActions.SetIsInstallingTrue
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI10D6.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6492359 437 ByomCustomAction!ByomCustomAction.CustomActions.IsDriverBusy
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI175F.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6494031 452 ByomCustomAction!ByomCustomAction.CustomActions.DisableCampfilters
    Source: C:\Windows\System32\msiexec.exe Process created: unknown unknown
    Source: C:\Windows\System32\msiexec.exe Process created: unknown unknown
    Source: C:\Windows\System32\msiexec.exe Process created: unknown unknown
    Source: C:\Windows\System32\msiexec.exe Process created: unknown unknown
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSID5B7.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSID5B7.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSIF4AE.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSIF4AE.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSIF4AE.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSIF4AE.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSIFFF9.tmp-\DefMic.exe "DefMic.exe" --def
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSI10D6.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSI10D6.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\regsvr32.exe regsvr32" /u /s "C:\Program Files\ScreenBeam\Conference\\app\Filters\x86\SBCamFilter32.dll
    Source: C:\Windows\System32\rundll32.exe Process created: unknown unknown
    Source: C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\DefMic.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}\InprocServer32
    Source: C:\Windows\System32\msiexec.exe Automated click: Next >
    Source: C:\Windows\System32\msiexec.exe Automated click: Next >
    Source: C:\Windows\System32\msiexec.exe Automated click: Next >
    Source: C:\Windows\System32\msiexec.exe Automated click: Accept
    Source: C:\Windows\System32\msiexec.exe Automated click: Install
    Source: C:\Windows\System32\msiexec.exe Automated click: Install
    Source: C:\Windows\System32\msiexec.exe Automated click: Install
    Source: C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\DefMic.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\ScreenBeam Conference.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\appsettings
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\appsettings\settings.json
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\eula.rtf
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\ScreenBeam.bmp
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\ScreenBeam.ico
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\ControlzEx.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\ControlzEx.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\ControlzEx.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\de
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\de\MahApps.Metro.resources.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avcodec-58.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avformat-58.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avutil-56.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\libcrypto-1_1-x64.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\libssl-1_1-x64.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\OnvifClientLibrary.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\SBCamFilter64.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\SBRTSPAudio64.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\swresample-3.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\swscale-5.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avcodec-58.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avformat-58.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avutil-56.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\libcrypto-1_1.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\libssl-1_1.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\OnvifClientLibrary.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\SBCamFilter32.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\SBRTSPAudio32.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\swresample-3.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\swscale-5.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\vacdisable.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\vacenable.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Fizzler.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Hardcodet.NotifyIcon.Wpf.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Hardcodet.NotifyIcon.Wpf.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\HtmlToXamlConverter.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Camera 01.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Camera 01b.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Conf 01.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Conf 01b.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Conf 02.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Conf 02b.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Connect 01.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Connect 01b.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Connect 02.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Connect 02b.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Devices 01.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Devices 01b.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Display 01.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Display 01b.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Display 02.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Display 02b.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Go2Meeting.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\GoogleMeet_audio.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\GoogleMeet_video.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Hamburger 01.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Hamburger 01b.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\ham_menu.svg
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\info-icon.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\panic_button.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\repair_icon.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\ScreenBeamLogo.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Settings 01.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Settings 01b.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Source 01.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Source 01b.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Teams_03.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\teams_settings.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\warning-orange.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Warning_blk.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Warning_red.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Webex_audio.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Webex_video.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Zoom_audio.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\zoom_settings.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Images\Zoom_video.png
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\MahApps.Metro.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\MahApps.Metro.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\MahApps.Metro.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Microsoft.Expression.Interactions.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Microsoft.Expression.Interactions.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Microsoft.Xaml.Behaviors.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Microsoft.Xaml.Behaviors.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Microsoft.Xaml.Behaviors.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Newtonsoft.Json.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Newtonsoft.Json.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\NLog.config
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\NLog.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\NLog.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\qf4net.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SBConference.Common.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SBConference.Common.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SBConference.Model.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SBConference.Model.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SBConference.ViewModel.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\SBConference.ViewModel.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\ScreenBeam Conference.exe.config
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\ScreenBeam Conference.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Svg.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Svg.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Buffers.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Buffers.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Memory.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Memory.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Numerics.Vectors.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Numerics.Vectors.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Runtime.CompilerServices.Unsafe.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Runtime.CompilerServices.Unsafe.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.ValueTuple.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.ValueTuple.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Windows.Interactivity.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Windows.Interactivity.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\instrmv.cmd
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\vacscbkd.cat
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\vacscbkd.inf
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\vacscbkd6x.cat
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\vacscbkd6x.inf
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x64
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x64\vacscbcp.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x64\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x86
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x86\vacscbcp.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x86\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\wdmdrvmgr
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\wdmdrvmgr\x64
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\wdmdrvmgr\x64\wdmdrvmgr.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\wdmdrvmgr\x86
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\audio\vac\wdmdrvmgr\x86\wdmdrvmgr.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\NLog.config
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\NLog.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\NLog.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\qf4net.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\SBConference.Common.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\SBConference.Common.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\SBConference.Service.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\SBConference.Service.exe.config
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\SBConference.Service.pdb
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\instrmv.cmd
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\vac
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\vacscbkd.cat
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\vacscbkd.inf
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\vacscbkd6x.cat
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\vacscbkd6x.inf
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x64
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x64\vacscbcp.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x64\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x86
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x86\vacscbcp.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x86\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgr
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgr\x64
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgr\x64\wdmdrvmgr.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgr\x86
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgr\x86\wdmdrvmgr.exe
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Runtime.WindowsRuntime.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\System.Runtime.WindowsRuntime.xml
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Windows.Foundation.FoundationContract.winmd
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Windows.Foundation.UniversalApiContract.winmd
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\app\Windows.WinMD
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\CreateProcessAsUser.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\Microsoft.Win32.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\netstandard.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.AppContext.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Collections.Concurrent.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Collections.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Collections.NonGeneric.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Collections.Specialized.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.EventBasedAsync.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.TypeConverter.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Console.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Data.Common.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Contracts.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Debug.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.FileVersionInfo.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Process.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.StackTrace.dll
    Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.TextWriterTraceListener.dll
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Tools.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.TraceSource.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Tracing.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Drawing.Primitives.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Dynamic.Runtime.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Globalization.Calendars.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Globalization.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Globalization.Extensions.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.Compression.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.Compression.ZipFile.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.DriveInfo.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.Primitives.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.Watcher.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.IsolatedStorage.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.MemoryMappedFiles.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.Pipes.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.IO.UnmanagedMemoryStream.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Linq.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Linq.Expressions.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Linq.Parallel.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Linq.Queryable.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Http.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.NameResolution.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.NetworkInformation.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Ping.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Primitives.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Requests.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Security.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Sockets.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.WebHeaderCollection.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.WebSockets.Client.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Net.WebSockets.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.ObjectModel.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Reflection.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Reflection.Extensions.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Reflection.Primitives.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Resources.Reader.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Resources.ResourceManager.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Resources.Writer.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.CompilerServices.VisualC.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Extensions.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Handles.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.InteropServices.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.InteropServices.RuntimeInformation.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Numerics.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Formatters.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Json.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Primitives.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Xml.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.WindowsRuntime.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.WindowsRuntime.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Claims.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Algorithms.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Csp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Encoding.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Primitives.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.X509Certificates.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Principal.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Security.SecureString.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Text.Encoding.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Text.Encoding.Extensions.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Text.RegularExpressions.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Overlapped.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Tasks.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Tasks.Parallel.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Thread.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.ThreadPool.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Timer.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.ValueTuple.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.ReaderWriter.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XDocument.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XmlDocument.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XmlSerializer.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XPath.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XPath.XDocument.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\UnpairDeviceApp.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\UnpairDeviceApp.exe.configJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\UnpairDeviceApp.pdbJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\Windows.Foundation.FoundationContract.winmdJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\Windows.Foundation.UniversalApiContract.winmdJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\service\Windows.WinMDJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\config1_base.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\ipsee.txtJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\libcrypto-1_1.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\libssl-1_1.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\MultiOnvifServer.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\runconfig.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\ssl.caJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\ssl.keyJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\user manual.pdfJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\vcruntime140.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\zlibwapi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\en-USJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\en-US\SBConference.Model.resources.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\XamlAnimatedGif.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\XamlAnimatedGif.pdbJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\Interop.NetFwTypeLib.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\config2_base.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\SBConfDiag.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\SBConfDiag.exe.configJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\SBConfDiag.pdbJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.Direct3D9.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.DXGI.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.Mathematics.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.MediaFoundation.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\StreamPlayback.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\StreamPlayback.exe.configJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\StreamPlayback.pdbJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ScreenBeam\Conference\app\BouncyCastle.Crypto.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScreenBeam Conference 1.0.5.3
    Source: ScreenBeam_Conference_Windows.msi Static file information: File size 102197248 > 1048576
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdbbY source: DefMic.exe, 0000000B.00000002.2294905488.0000000000E50000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbf source: DefMic.exe, 00000014.00000002.2389680692.0000000000F3B000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: ScreenBeamConference.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: Usymbols\exe\DefMic.pdb source: DefMic.exe, 00000031.00000002.2594040304.000000000055A000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdbD source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\DefMic.pdbs source: DefMic.exe, 00000014.00000002.2389680692.0000000000F22000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection.Primitives\4.0.1.0\System.Reflection.Primitives.pdb$*>* 0*_CorDllMainmscoree.dll source: System.Reflection.Primitives.dll.1.dr
    Source: Binary string: mC:\Windows\Installer\MSI10D6.tmp-\DefMic.pdb source: DefMic.exe, 00000035.00000002.2622012019.00000000004FA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x64\viewer.pdbC source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdbb:<' source: DefMic.exe, 0000002C.00000002.2560034201.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbemp\MSI8B45.tmp-\DefMic.PDB source: DefMic.exe, 00000008.00000002.2283341118.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer\msi-installer\ByomCustomAction\ByomCustomAction\obj\x64\Release\ByomCustomAction.pdb source: rundll32.exe, 00000007.00000003.2274430481.0000017AB3D4B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E28000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB12F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B837F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B6028F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C19000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B43747000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705306A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575109052.0000013914E6E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.00000249632D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2615711052.000001D9F9D70000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2632594929.00000275452DB000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdbm source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: ControlzEx.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: mC:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\DefMic.pdb source: DefMic.exe, 00000008.00000002.2283341118.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000007.00000003.2274430481.0000017AB3D4B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E28000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB12F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B837F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B6028F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C19000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B43747000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705306A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575109052.0000013914E6E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.00000249632D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2615711052.000001D9F9D70000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2632594929.00000275452DB000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Installer\MSI10D6.tmp-\DefMic.pdb source: DefMic.exe, 00000035.00000002.2622077757.0000000000650000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Installer\MSID5B7.tmp-\DefMic.pdb. source: DefMic.exe, 00000021.00000002.2471297325.00000000008B0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: UnpairDeviceApp.pdb^ source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: .0_4.0.0.0__b77a5c561934e089\mscorlib.pdb9\ source: DefMic.exe, 00000028.00000002.2551236682.0000000000F68000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XPath\4.0.3.0\System.Xml.XPath.pdb source: System.Xml.XPath.dll.1.dr
    Source: Binary string: symbols\exe\DefMic.pdb source: DefMic.exe, 00000008.00000002.2283341118.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000B.00000002.2294641298.0000000000AFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2302047187.00000000012FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2389501243.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2411485469.00000000010FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2551012296.0000000000D5A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2559593495.0000000000B5A000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdbSHA256 source: NLog.dll.1.dr
    Source: Binary string: enkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbe source: DefMic.exe, 0000000F.00000002.2302139876.00000000014A3000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: ScreenBeamConference.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\DefMic.pdbU source: DefMic.exe, 00000028.00000002.2551236682.0000000000F30000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdb} source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: enkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbo source: DefMic.exe, 00000017.00000002.2411501774.0000000001241000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Writer\4.0.2.0\System.Resources.Writer.pdbl( source: System.Resources.Writer.dll.1.dr
    Source: Binary string: \??\C:\Windows\Installer\MSIF4AE.tmp-\DefMic.PDBbM source: DefMic.exe, 00000028.00000002.2551236682.0000000000F55000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: enkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbs source: DefMic.exe, 00000014.00000002.2389680692.0000000000F4A000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: SBConference.Service.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: StreamPlayback.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\Installer\MSIFFF9.tmp-\DefMic.PDBby source: DefMic.exe, 00000031.00000002.2594285981.00000000007F0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdbb:@v source: DefMic.exe, 0000000B.00000002.2294905488.0000000000E1D000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\aipackagechainer.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdb% source: DefMic.exe, 00000014.00000002.2389680692.0000000000F3B000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\svn\happytimesoft\onvifclient\bin\x64\OnvifClientLibrary.pdb source: OnvifClientLibrary.dll.1.dr
    Source: Binary string: C:\Windows\DefMic.pdbpdbMic.pdb source: DefMic.exe, 00000008.00000002.2283383506.0000000000E72000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000B.00000002.2294905488.0000000000E50000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2389680692.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2471297325.00000000008B0000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2560034201.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2594285981.00000000007F0000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2622077757.0000000000650000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: dows\exe\DefMic.pdb source: DefMic.exe, 00000035.00000002.2622077757.0000000000650000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\NetFirewall.pdb; source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.pdb source: DefMic.exe, 0000000B.00000002.2294905488.0000000000E50000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: dows\dll\mscorlib.pdbV source: DefMic.exe, 00000021.00000002.2471297325.00000000008B0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mC:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.pdb source: DefMic.exe, 0000000B.00000002.2294641298.0000000000AFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2302047187.00000000012FA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: Release\DefMic.pdb/jII source: DefMic.exe, 00000008.00000002.2283383506.0000000000E72000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\DefMic.pdb source: DefMic.exe, 00000008.00000002.2283383506.0000000000E72000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2302139876.0000000001476000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2389680692.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2411501774.000000000122A000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2551236682.0000000000F30000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2594285981.00000000007F0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\DefMic.PDB source: DefMic.exe, 00000014.00000002.2389680692.0000000000F22000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdb source: DefMic.exe, 0000000F.00000002.2302139876.0000000001463000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2560034201.0000000000EE3000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2594285981.00000000007DB000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mC:\Users\user\AppData\Local\Temp\MSIB601.tmp-\DefMic.pdb source: DefMic.exe, 00000014.00000002.2389501243.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: dows\dll\mscorlib.pdbq source: DefMic.exe, 00000014.00000002.2389680692.0000000000F3B000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\mscorlib.pdb8LM source: DefMic.exe, 00000017.00000002.2411501774.000000000122A000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\DefMic.pdb/ source: DefMic.exe, 00000021.00000002.2471297325.0000000000890000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Installer\MSIF4AE.tmp-\DefMic.pdbesCH source: DefMic.exe, 0000002C.00000002.2560034201.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\DefMic.pdb. source: DefMic.exe, 0000000F.00000002.2302139876.0000000001476000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mC:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\DefMic.pdb source: DefMic.exe, 00000017.00000002.2411485469.00000000010FA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb+ source: DefMic.exe, 00000031.00000002.2594285981.00000000007DB000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbmp-\DefMic.PDB source: DefMic.exe, 00000021.00000002.2471142553.000000000073A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2551012296.0000000000D5A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2559593495.0000000000B5A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2594040304.000000000055A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2622012019.00000000004FA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: SBConference.ViewModel.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.IsolatedStorage\4.0.2.0\System.IO.IsolatedStorage.pdb source: System.IO.IsolatedStorage.dll.1.dr
    Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000007.00000003.2274430481.0000017AB3D4B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E28000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB12F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B837F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B6028F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C19000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B43747000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705306A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575109052.0000013914E6E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.00000249632D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2615711052.000001D9F9D70000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2632594929.00000275452DB000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: SBConference.ViewModel.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: XamlAnimatedGif.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\mscorlib.pdb# source: DefMic.exe, 00000014.00000002.2389680692.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdbbU source: DefMic.exe, 00000028.00000002.2551236682.0000000000F1C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdbMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_Nra source: DefMic.exe, 0000002C.00000002.2560034201.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: SBConference.Service.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdbbH source: DefMic.exe, 00000031.00000002.2594285981.00000000007DB000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: SBConference.Common.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdbM@Z source: DefMic.exe, 00000028.00000002.2551236682.0000000000F55000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdbb*I source: DefMic.exe, 00000008.00000002.2283383506.0000000000E5C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Installer\MSIFFF9.tmp-\DefMic.pdb source: DefMic.exe, 00000031.00000002.2594285981.00000000007F0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: e:\ExpressionRTM\Sparkle\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\System.Windows.Interactivity\Win32\Release\System.Windows.Interactivity.pdb source: System.Windows.Interactivity.dll.1.dr
    Source: Binary string: SBConfDiag.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbOmIR2 source: DefMic.exe, 0000000F.00000002.2302139876.0000000001497000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Installer\MSI10D6.tmp-\DefMic.pdbes source: DefMic.exe, 00000035.00000002.2622077757.0000000000650000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\DefMic.PDBs$ source: DefMic.exe, 00000017.00000002.2411501774.0000000001241000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\DefMic.pdb source: DefMic.exe, 00000014.00000002.2389680692.0000000000F22000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Installer\MSIFFF9.tmp-\DefMic.pdbes source: DefMic.exe, 00000031.00000002.2594285981.00000000007F0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\Users\ScreenBeam\Projects\sb-conference-installer\byom-rtsp-client\sbdrvmgr\sbdrvmgr\obj\x64\Release\sbdrvmgr.pdb source: rundll32.exe, 00000007.00000003.2274578787.0000017AB22F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2274539346.0000017AB22F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2274430481.0000017AB3D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288912821.0000020FA7371000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E5C000.00000004.00000020.00020000.00000000.sdmp, sbdrvmgr.exe, 0000000D.00000000.2295702685.000001E6EBCC2000.00000002.00000001.01000000.0000000C.sdmp, rundll32.exe, 00000013.00000003.2383949526.000001F5D9542000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB163000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395878430.00000298B68B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B83B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B602C3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422266724.0000020B5E850000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422207004.0000020B5E850000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2465117874.00000202E10A0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B4377B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484246063.0000024B41D71000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544271774.000002705155F000.00000004.00000020.00020000.00000000.sdmp, 
rundll32.exe, 00000027.00000003.2544126213.000002705309E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575312221.0000013913361000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575109052.0000013914EA2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.000002496330A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600719988.0000024961770000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600794506.0000024961770000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2615711052.000001D9F9DA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2615961862.000001D9F8331000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2616070440.000001D9F8331000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2632594929.000002754530F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000
    Source: Binary string: SBConference.Common.pdb_1 source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbt source: DefMic.exe, 00000021.00000002.2471297325.0000000000890000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: ScreenBeam_Conference_Windows.msi, MSI9257.tmp.0.dr, MSI9227.tmp.0.dr
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Process\4.1.2.0\System.Diagnostics.Process.pdb source: System.Diagnostics.Process.dll.1.dr
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\DefMic.pdbs source: DefMic.exe, 00000008.00000002.2283383506.0000000000E72000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.pdb089Z# S source: DefMic.exe, 0000000F.00000002.2302139876.0000000001476000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdbb source: DefMic.exe, 00000014.00000002.2389680692.0000000000EFF000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2411501774.00000000011FC000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2471297325.000000000087B000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2560034201.0000000000EE3000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2622077757.000000000063C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mC:\Windows\Installer\MSID5B7.tmp-\DefMic.pdb source: DefMic.exe, 00000021.00000002.2471142553.000000000073A000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: MahApps.Metro.pdbx& source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.pdbst source: DefMic.exe, 0000000B.00000002.2294905488.0000000000E50000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdberDataFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\Lo source: DefMic.exe, 0000000B.00000002.2294905488.0000000000E63000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdbb6 source: DefMic.exe, 00000028.00000002.2551236682.0000000000F1C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XDocument\4.0.11.0\System.Xml.XDocument.pdb source: System.Xml.XDocument.dll.1.dr
    Source: Binary string: C:\svn\happytimesoft\onvifclient\bin\x64\OnvifClientLibrary.pdb22 source: OnvifClientLibrary.dll.1.dr
    Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: rundll32.exe, 00000007.00000003.2274430481.0000017AB3D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E5C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB163000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B83B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B602C3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B4377B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705309E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575109052.0000013914EA2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.000002496330A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2615711052.000001D9F9DA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2632594929.000002754530F000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.32.dr
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdbb source: DefMic.exe, 00000008.00000002.2283383506.0000000000E72000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2471297325.00000000008B0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000007.00000003.2274430481.0000017AB3D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2288766939.0000020FA8E5C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2383796976.000001F5DB163000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2395687457.00000298B83B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000003.2422025636.0000020B602C3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000020.00000003.2464985975.00000202E2C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000025.00000003.2484108923.0000024B4377B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000027.00000003.2544126213.000002705309E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.2575109052.0000013914EA2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000033.00000003.2600569006.000002496330A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000034.00000003.2615711052.000001D9F9DA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000039.00000003.2632594929.000002754530F000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.32.dr
    Source: Binary string: \??\C:\Windows\symbols\exe\DefMic.pdbb" source: DefMic.exe, 0000000F.00000002.2302139876.0000000001463000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: DefMic.exe, 00000021.00000002.2471297325.0000000000890000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdbT source: DefMic.exe, 0000000B.00000002.2294905488.0000000000E50000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\exe\DefMic.pdbM} source: DefMic.exe, 00000017.00000002.2411501774.0000000001233000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\NetFirewall.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdba^k source: DefMic.exe, 00000014.00000002.2389680692.0000000000F22000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\mscorlib.pdbg source: DefMic.exe, 00000021.00000002.2471297325.0000000000890000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\DefMic.pdbrE source: DefMic.exe, 00000035.00000002.2622077757.0000000000650000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem.Primitives\4.0.3.0\System.IO.FileSystem.Primitives.pdb source: System.IO.FileSystem.Primitives.dll.1.dr
    Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: DefMic.exe, 00000008.00000002.2283383506.0000000000E5C000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2471297325.000000000087B000.00000004.00000020.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2560034201.0000000000EE3000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Collections.NonGeneric\4.0.3.0\System.Collections.NonGeneric.pdb source: System.Collections.NonGeneric.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\ExternalUICleaner.pdb3 source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: }enkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdb} source: DefMic.exe, 00000031.00000002.2594285981.0000000000822000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbXm^R3 source: DefMic.exe, 0000000F.00000002.2302139876.0000000001497000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Jenkins\workspace\sb-conference-installer-working\byom-rtsp-client\defmic\DefMic\obj\Release\DefMic.pdb== source: DefMic.exe, 00000008.00000002.2283383506.0000000000E72000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Installer\MSID5B7.tmp-\DefMic.PDB source: DefMic.exe, 00000021.00000002.2471297325.00000000008B0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb1c source: DefMic.exe, 00000031.00000002.2594285981.00000000007F0000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdb source: ScreenBeam_Conference_Windows.msi
    Source: Binary string: \??\C:\Windows\mscorlib.pdbu source: DefMic.exe, 0000000B.00000002.2294905488.0000000000E31000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: ssymbols\exe\DefMic.pdb source: DefMic.exe, 00000021.00000002.2471142553.000000000073A000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\mscorlib.pdbv source: DefMic.exe, 0000000F.00000002.2302139876.0000000001476000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Serialization.Json\4.0.1.0\System.Runtime.Serialization.Json.pdb source: System.Runtime.Serialization.Json.dll.1.dr
    Source: Binary string: mC:\Windows\Installer\MSIFFF9.tmp-\DefMic.pdb source: DefMic.exe, 00000031.00000002.2594040304.000000000055A000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: m.pdb source: DefMic.exe, 00000008.00000002.2283341118.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000B.00000002.2294641298.0000000000AFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000000F.00000002.2302047187.00000000012FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000014.00000002.2389501243.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000017.00000002.2411485469.00000000010FA000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000021.00000002.2471142553.000000000073A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000028.00000002.2551012296.0000000000D5A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2559593495.0000000000B5A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000031.00000002.2594040304.000000000055A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 00000035.00000002.2622012019.00000000004FA000.00000004.00000010.00020000.00000000.sdmp
    Source: Binary string: mC:\Windows\Installer\MSIF4AE.tmp-\DefMic.pdb source: DefMic.exe, 00000028.00000002.2551012296.0000000000D5A000.00000004.00000010.00020000.00000000.sdmp, DefMic.exe, 0000002C.00000002.2559593495.0000000000B5A000.00000004.00000010.00020000.00000000.sdmp
    Source: SharpDX.DXGI.dll.1.dr Static PE information: 0xA0153478 [Tue Feb 9 00:04:08 2055 UTC]
    Source: MSI90F4.tmp.0.dr Static PE information: real checksum: 0x3d808 should be: 0x8f934
    Source: MSIB601.tmp.0.dr Static PE information: real checksum: 0x3d808 should be: 0x8f934
    Source: MSIC545.tmp.0.dr Static PE information: real checksum: 0x3d808 should be: 0x8f934
    Source: MSIBAD4.tmp.0.dr Static PE information: real checksum: 0x3d808 should be: 0x8f934
    Source: MSI8B45.tmp.0.dr Static PE information: real checksum: 0x3d808 should be: 0x8f934
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\regsvr32.exe regsvr32" /u /s "C:\Program Files\ScreenBeam\Conference\\app\Filters\x86\SBCamFilter32.dll

    Persistence and Installation Behavior

    Source: C:\Windows\System32\rundll32.exe Executable created and started: C:\Windows\Installer\MSID5B7.tmp-\sbdrvmgr.exe
    Source: C:\Windows\System32\rundll32.exe Executable created and started: C:\Windows\Installer\MSI10D6.tmp-\sbdrvmgr.exe
    Source: C:\Windows\System32\rundll32.exe Executable created and started: C:\Windows\Installer\MSIF4AE.tmp-\DefMic.exe
    Source: C:\Windows\System32\rundll32.exe Executable created and started: C:\Windows\Installer\MSID5B7.tmp-\DefMic.exe
    Source: C:\Windows\System32\rundll32.exe Executable created and started: C:\Windows\Installer\MSIF4AE.tmp-\sbdrvmgr.exe
    Source: C:\Windows\System32\rundll32.exe Executable created and started: C:\Windows\Installer\MSI10D6.tmp-\DefMic.exe
    Source: C:\Windows\System32\rundll32.exe Executable created and started: C:\Windows\Installer\MSIFFF9.tmp-\DefMic.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x64\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x86\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x64\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x86\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.InteropServices.RuntimeInformation.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Windows.Foundation.UniversalApiContract.winmd
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID4D9.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\swscale-5.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Extensions.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Net.WebSockets.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Overlapped.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\OnvifClientLibrary.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Thread.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x86\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Linq.Parallel.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSI175F.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XPath.XDocument.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avcodec-58.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI5748.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.ThreadPool.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avutil-56.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.IO.Compression.ZipFile.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Net.NameResolution.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\libcrypto-1_1.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIDD79.tmp-\sbdrvmgr.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.IO.IsolatedStorage.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIDD79.tmp-\ByomCustomAction.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSI175F.tmp-\sbdrvmgr.exe
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIDD79.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\ByomCustomAction.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Collections.Specialized.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\Windows.Foundation.UniversalApiContract.winmd
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Requests.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID4B9.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.X509Certificates.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\sbdrvmgr.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Windows.Foundation.FoundationContract.winmd
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIDD3A.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\ControlzEx.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x86\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI5768.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Security.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.Direct3D9.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID5B7.tmp
    Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Interop.NetFwTypeLib.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Security.SecureString.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Text.RegularExpressions.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.IO.Compression.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5566.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Dynamic.Runtime.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIDD79.tmp-\DefMic.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID509.tmp
    Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI94ED.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.IO.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\HtmlToXamlConverter.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\NLog.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIF4AE.tmp-\sbdrvmgr.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.IO.MemoryMappedFiles.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Globalization.Extensions.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSID5B7.tmp-\sbdrvmgr.exe
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSID5B7.tmp-\ByomCustomAction.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x64\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Http.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI9257.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\XamlAnimatedGif.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\DefMic.exe
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSI10D6.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\System.Buffers.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\ByomCustomAction.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSI10D6.tmp-\DefMic.exe
    Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\shiD545.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\System.Runtime.WindowsRuntime.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSIB601.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x64\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI93D0.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSIC9DB.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID597.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIAF7.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Linq.Expressions.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Resources.Writer.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Tasks.Parallel.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSI10D6.tmp-\sbdrvmgr.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\UnpairDeviceApp.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\vacdisable.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI946E.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\SBRTSPAudio64.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF4AE.tmp
    Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\shi9497.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\libcrypto-1_1.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Linq.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\SBConference.Common.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\en-US\SBConference.Model.resources.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID44B.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Reflection.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\SBConference.Service.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSIC545.tmp
    Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSIC545.tmp-\ByomCustomAction.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIF4AE.tmp-\DefMic.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFFF9.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Net.WebSockets.Client.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.TraceSource.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\System.Numerics.Vectors.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSI10D6.tmp-\ByomCustomAction.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF44E.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Reflection.Extensions.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI55D4.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avutil-56.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Fizzler.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIF4AE.tmp-\ByomCustomAction.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\audio\vac\wdmdrvmgr\x64\wdmdrvmgr.exe
    Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSIC545.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Net.NetworkInformation.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Collections.NonGeneric.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\ByomCustomAction.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI8B45.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Text.Encoding.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Sockets.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.ReaderWriter.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Tools.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XDocument.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XmlSerializer.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avformat-58.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Collections.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSI10D6.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\netstandard.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\sbdrvmgr.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgr\x64\wdmdrvmgr.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\vacenable.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Xml.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSI175F.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Ping.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\libssl-1_1.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSID5B7.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI94BD.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\BouncyCastle.Crypto.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\swresample-3.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\SBConference.Model.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIAF7.tmp-\sbdrvmgr.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\NLog.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x64\vacscbcp.exe
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIAF7.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIAF7.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI91A9.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSICA1B.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x86\vacscbcp.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\ScreenBeam Conference.exe
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIFFF9.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\Windows.WinMD
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSIC97C.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\libssl-1_1.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\audio\vac\wdmdrvmgr\x86\wdmdrvmgr.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.FileVersionInfo.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIFFF9.tmp-\sbdrvmgr.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\qf4net.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\SBCamFilter32.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI950D.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Csp.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XPath.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\Windows.Foundation.FoundationContract.winmd
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Hardcodet.NotifyIcon.Wpf.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Contracts.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\Microsoft.Win32.Primitives.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSID5B7.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\MSIFFF9.tmp-\DefMic.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI9227.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Newtonsoft.Json.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\service\System.Resources.Reader.dll
    Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSIC545.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avformat-58.dll
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI93F0.tmp
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Debug.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI175F.tmp-\DefMic.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\de\MahApps.Metro.resources.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\CreateProcessAsUser.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Reflection.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.TextWriterTraceListener.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\DefMic.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\libssl-1_1-x64.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\MahApps.Metro.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\SBConference.ViewModel.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Drawing.Primitives.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDD6.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.Mathematics.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI6043.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Net.WebHeaderCollection.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIDD79.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.EventBasedAsync.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Tracing.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Globalization.Calendars.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Claims.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\sbdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI5662.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Handles.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.ObjectModel.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\qf4net.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\SBCamFilter64.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\sbdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x64\vacscbcp.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.IO.Pipes.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Principal.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\SBConference.Common.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSID5B7.tmp-\DefMic.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Console.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\System.ValueTuple.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avcodec-58.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Numerics.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI175F.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI5025.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIAF7.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\StreamPlayback.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Net.Primitives.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Encoding.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Primitives.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\System.Windows.Interactivity.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1C03.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Timer.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.MediaFoundation.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Text.Encoding.Extensions.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Data.Common.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgr\x86\wdmdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI10D6.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.TypeConverter.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\DefMic.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF47E.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Svg.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Windows.WinMDJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Tasks.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIAF7.tmp-\DefMic.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Globalization.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Process.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSIC545.tmp-\sbdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI93AF.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.ValueTuple.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Linq.Queryable.dllJump to dropped file
    Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\viewer.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\SharpDX.DXGI.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI378B.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.Primitives.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.IO.UnmanagedMemoryStream.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\SBConfDiag.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\OnvifClientLibrary.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIFFF9.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Collections.Concurrent.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Resources.ResourceManager.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\MultiOnvifServer.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\vcruntime140.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.CompilerServices.VisualC.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Microsoft.Expression.Interactions.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIF4AE.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x86\vacscbcp.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\swresample-3.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\zlibwapi.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSIC545.tmp-\DefMic.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.WindowsRuntime.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.AppContext.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\libcrypto-1_1-x64.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.DriveInfo.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDD79.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIFFF9.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI175F.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.StackTrace.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XmlDocument.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Formatters.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.Watcher.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\SBRTSPAudio32.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\swscale-5.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.InteropServices.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Algorithms.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\System.Memory.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Microsoft.Xaml.Behaviors.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIF4AE.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI5025.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIAF7.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI175F.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI10D6.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1C03.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSID5B7.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID4D9.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI10D6.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI10D6.tmp-\DefMic.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF47E.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIAF7.tmp-\sbdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIAF7.tmp-\DefMic.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIAF7.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID597.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIAF7.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIAF7.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIFFF9.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI175F.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI10D6.tmp-\sbdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIFFF9.tmp-\sbdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF4AE.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIDD79.tmp-\sbdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIDD79.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI175F.tmp-\sbdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIDD79.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSID5B7.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID44B.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIFFF9.tmp-\DefMic.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI378B.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIF4AE.tmp-\DefMic.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIFFF9.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIFFF9.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI10D6.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID4B9.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF44E.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI55D4.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI175F.tmp-\DefMic.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIF4AE.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDD3A.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIF4AE.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID5B7.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDD79.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIFFF9.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDD6.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI175F.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI5566.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIDD79.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIDD79.tmp-\DefMic.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID509.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI5662.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIF4AE.tmp-\sbdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSI10D6.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSID5B7.tmp-\DefMic.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSID5B7.tmp-\sbdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSID5B7.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI175F.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\MSIF4AE.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\Windows.Foundation.FoundationContract.winmdJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\Windows.Foundation.UniversalApiContract.winmdJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\service\Windows.WinMDJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Windows.Foundation.FoundationContract.winmdJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Windows.Foundation.UniversalApiContract.winmdJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\app\Windows.WinMDJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ScreenBeam\Conference\eula.rtfJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScreenBeamJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScreenBeam\ConferenceJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScreenBeam\Conference\ScreenBeam Conference.lnkJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\DefMic.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\sbdrvmgr.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\sbdrvmgr.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\DefMic.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\DefMic.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\sbdrvmgr.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\MSIC545.tmp-\sbdrvmgr.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Installer\MSID5B7.tmp-\DefMic.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Installer\MSID5B7.tmp-\sbdrvmgr.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Installer\MSIF4AE.tmp-\DefMic.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Installer\MSIF4AE.tmp-\sbdrvmgr.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\MSIC545.tmp-\sbdrvmgr.exe Code function: 28_2_00007FFD9B3F17FA SetupDiGetDeviceRegistryPropertyW,28_2_00007FFD9B3F17FA
    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSIC545.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSID5B7.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSID5B7.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSIF4AE.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSIF4AE.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSIFFF9.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSI10D6.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSI10D6.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 490
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 419
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 2434
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 1261
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 542
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 1162
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 428
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 566
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 1052
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 779
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 1501
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 2033
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 818
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 886
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 569
    Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 370
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.InteropServices.RuntimeInformation.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Windows.Foundation.UniversalApiContract.winmd
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSID4D9.tmp
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\swscale-5.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Extensions.dll
    Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Net.WebSockets.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Overlapped.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\OnvifClientLibrary.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Threading.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Thread.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x86\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Linq.Parallel.dll
    Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI175F.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XPath.XDocument.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avcodec-58.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Threading.ThreadPool.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avutil-56.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.IO.Compression.ZipFile.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Net.NameResolution.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\libcrypto-1_1.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.IO.IsolatedStorage.dll
    Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIDD79.tmp-\ByomCustomAction.dll
    Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIDD79.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\ByomCustomAction.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Collections.Specialized.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\Windows.Foundation.UniversalApiContract.winmd
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Net.Requests.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSID4B9.tmp
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.X509Certificates.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Windows.Foundation.FoundationContract.winmd
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIDD3A.tmp
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x86\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\ControlzEx.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI5768.tmp
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Net.Security.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\SharpDX.Direct3D9.dll
    Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\Newtonsoft.Json.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Interop.NetFwTypeLib.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Security.SecureString.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Text.RegularExpressions.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.IO.Compression.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI5566.tmp
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Dynamic.Runtime.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI94ED.tmp
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\HtmlToXamlConverter.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.IO.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\NLog.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.IO.MemoryMappedFiles.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Globalization.Extensions.dll
    Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSID5B7.tmp-\ByomCustomAction.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x64\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Net.Http.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\XamlAnimatedGif.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI9257.tmp
    Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI10D6.tmp-\Microsoft.Deployment.WindowsInstaller.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\System.Buffers.dll
    Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\ByomCustomAction.dll
    Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shiD545.tmp
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\System.Runtime.WindowsRuntime.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x64\vacscbkd.sys
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI93D0.tmp
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSID597.tmp
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIC9DB.tmp
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Linq.Expressions.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Resources.Writer.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Tasks.Parallel.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\vacdisable.exe
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\UnpairDeviceApp.exe
    Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shi9497.tmp
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\SBRTSPAudio64.exe
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\libcrypto-1_1.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Linq.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\SBConference.Common.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\en-US\SBConference.Model.resources.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Reflection.Primitives.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\SBConference.Service.exe
    Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIC545.tmp-\ByomCustomAction.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Net.WebSockets.Client.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.TraceSource.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\System.Numerics.Vectors.dll
    Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI10D6.tmp-\ByomCustomAction.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIF44E.tmp
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Reflection.Extensions.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI55D4.tmp
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avutil-56.dll
    Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIF4AE.tmp-\ByomCustomAction.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Fizzler.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\audio\vac\wdmdrvmgr\x64\wdmdrvmgr.exe
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIC545.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Net.NetworkInformation.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Collections.NonGeneric.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Text.Encoding.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Net.Sockets.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Xml.ReaderWriter.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Tools.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XDocument.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avformat-58.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XmlSerializer.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Collections.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI10D6.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\netstandard.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgr\x64\wdmdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\vacenable.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Xml.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI175F.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Net.Ping.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\libssl-1_1.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSID5B7.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\BouncyCastle.Crypto.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\swresample-3.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\SBConference.Model.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\NLog.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIAF7.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x64\vacscbcp.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIAF7.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSICA1B.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x86\vacscbcp.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\ScreenBeam Conference.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIFFF9.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\SharpDX.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\Windows.WinMDJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\libssl-1_1.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\audio\vac\wdmdrvmgr\x86\wdmdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.FileVersionInfo.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\qf4net.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\SBCamFilter32.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI950D.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Csp.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XPath.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\Windows.Foundation.FoundationContract.winmdJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Hardcodet.NotifyIcon.Wpf.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Contracts.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\Microsoft.Win32.Primitives.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSID5B7.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI9227.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Resources.Reader.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIC545.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avformat-58.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI93F0.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Debug.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\de\MahApps.Metro.resources.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\CreateProcessAsUser.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Reflection.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.TextWriterTraceListener.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\libssl-1_1-x64.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\MahApps.Metro.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\SBConference.ViewModel.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Drawing.Primitives.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Net.WebHeaderCollection.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\SharpDX.Mathematics.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIDD79.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.EventBasedAsync.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Tracing.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Globalization.Calendars.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Security.Claims.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI5662.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Handles.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.ObjectModel.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\qf4net.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\SBCamFilter64.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\vac\vac\x64\vacscbcp.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.IO.Pipes.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Security.Principal.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\SBConference.Common.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Console.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avcodec-58.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\System.ValueTuple.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Numerics.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI5025.tmpJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIAF7.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\StreamPlayback.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Net.Primitives.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Encoding.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Primitives.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Timer.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\System.Windows.Interactivity.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\SharpDX.MediaFoundation.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Data.Common.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Text.Encoding.Extensions.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\vac\wdmdrvmgr\x86\wdmdrvmgr.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.ComponentModel.TypeConverter.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIF47E.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Windows.WinMDJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Svg.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Threading.Tasks.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.Process.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Globalization.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI93AF.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.ValueTuple.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Linq.Queryable.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\SharpDX.DXGI.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI378B.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.Primitives.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.IO.UnmanagedMemoryStream.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\SBConfDiag.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\OnvifClientLibrary.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIFFF9.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Collections.Concurrent.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\MultiOnvifServer.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\vcruntime140.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Resources.ResourceManager.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.CompilerServices.VisualC.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIF4AE.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Microsoft.Expression.Interactions.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x86\vacscbcp.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\swresample-3.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\zlibwapi.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.WindowsRuntime.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.AppContext.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\libcrypto-1_1-x64.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.DriveInfo.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIFFF9.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI175F.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Diagnostics.StackTrace.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Xml.XmlDocument.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.Serialization.Formatters.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.IO.FileSystem.Watcher.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x86\SBRTSPAudio32.exeJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Filters\x64\swscale-5.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\ByomCustomAction.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Runtime.InteropServices.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\service\System.Security.Cryptography.Algorithms.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\System.Memory.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ScreenBeam\Conference\app\Microsoft.Xaml.Behaviors.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIF4AE.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
    Source: C:\Windows\System32\rundll32.exe TID: 2936Thread sleep time: -2767011611056431s >= -30000sJump to behavior
    Source: C:\Windows\System32\rundll32.exe TID: 2716Thread sleep count: 490 > 30Jump to behavior
    Source: C:\Windows\System32\rundll32.exe TID: 6836Thread sleep count: 419 > 30Jump to behavior
    Source: C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\DefMic.exe TID: 6940Thread sleep time: -922337203685477s >= -30000sJump to behavior
    Source: C:\Windows\System32\rundll32.exe TID: 4324Thread sleep time: -5534023222112862s >= -30000sJump to behavior
    Source: C:\Windows\System32\rundll32.exe TID: 6896Thread sleep count: 2434 > 30Jump to behavior
    Source: C:\Windows\System32\rundll32.exe TID: 3632Thread sleep count: 1261 > 30Jump to behavior
    Source: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.exe TID: 4628Thread sleep time: -922337203685477s >= -30000sJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\sbdrvmgr.exe TID: 5980Thread sleep time: -922337203685477s >= -30000sJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.exe TID: 6864Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\sbdrvmgr.exe TID: 2992Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 664Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 4584Thread sleep count: 542 > 30
    Source: C:\Windows\System32\rundll32.exe TID: 5844Thread sleep count: 311 > 30
    Source: C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\DefMic.exe TID: 1848Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 1716Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 5368 Thread sleep count: 1162 > 30
    Source: C:\Windows\System32\rundll32.exe TID: 2112 Thread sleep count: 428 > 30
    Source: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\DefMic.exe TID: 5820 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\sbdrvmgr.exe TID: 5672 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 2164 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 1664 Thread sleep count: 566 > 30
    Source: C:\Windows\System32\rundll32.exe TID: 1664 Thread sleep count: 316 > 30
    Source: C:\Users\user\AppData\Local\Temp\MSIC545.tmp-\sbdrvmgr.exe TID: 600 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 4432 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 6160 Thread sleep count: 1052 > 30
    Source: C:\Windows\System32\rundll32.exe TID: 6160 Thread sleep count: 779 > 30
    Source: C:\Windows\Installer\MSID5B7.tmp-\DefMic.exe TID: 7124 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\Installer\MSID5B7.tmp-\sbdrvmgr.exe TID: 6472 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 5604 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 6948 Thread sleep count: 1501 > 30
    Source: C:\Windows\System32\rundll32.exe TID: 6948 Thread sleep count: 2033 > 30
    Source: C:\Windows\Installer\MSIF4AE.tmp-\DefMic.exe TID: 6852 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\Installer\MSIF4AE.tmp-\sbdrvmgr.exe TID: 6748 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\Installer\MSIF4AE.tmp-\DefMic.exe TID: 4628 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\Installer\MSIF4AE.tmp-\sbdrvmgr.exe TID: 6592 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 3872 Thread sleep time: -2767011611056431s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 2312 Thread sleep count: 333 > 30
    Source: C:\Windows\System32\rundll32.exe TID: 3004 Thread sleep count: 318 > 30
    Source: C:\Windows\Installer\MSIFFF9.tmp-\DefMic.exe TID: 6104 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 3896 Thread sleep time: -2767011611056431s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 3868 Thread sleep count: 818 > 30
    Source: C:\Windows\System32\rundll32.exe TID: 3868 Thread sleep count: 886 > 30
    Source: C:\Windows\Installer\MSI10D6.tmp-\DefMic.exe TID: 2792 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\Installer\MSI10D6.tmp-\sbdrvmgr.exe TID: 1544 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 1852 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\rundll32.exe TID: 5324 Thread sleep count: 569 > 30
    Source: C:\Windows\System32\rundll32.exe TID: 5324 Thread sleep count: 370 > 30
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\MSIC545.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSID5B7.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSID5B7.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSIF4AE.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSIF4AE.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSIF4AE.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSIF4AE.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSIFFF9.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSI10D6.tmp-\DefMic.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Installer\MSI10D6.tmp-\sbdrvmgr.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\rundll32.exe Thread delayed: delay time: 922337203685477
    Source: avcodec-58.dll.1.dr Binary or memory string: vmncVMware Screen Codec / VMware VideoDuplicate value found in floor 1 X coordinates
    Source: ScreenBeam_Conference_Windows.msi Binary or memory string: HKEY_USERSRegOpenKeyTransactedW::NetUserGetInfo() failed with error: \@invalid string_view positionVMware, Inc.VMware Virtual PlatformVMware7,1VMware20,1innotek GmbHVirtualBoxMicrosoft CorporationVirtual MachineVRTUALACRSYSA M IGetting system informationManufacturer [Model [BIOS [\\?\UNC\\\?\shim_clone%d.%d.%d.%dDllGetVersion[%!]%!ProgramFilesFolderCommonFilesFolderDesktopFolderAllUsersDesktopFolderAppDataFolderFavoritesFolderStartMenuFolderProgramMenuFolderStartupFolderFontsFolderLocalAppDataFolderCommonAppDataFolderProgramFiles64FolderProgramFilesProgramW6432SystemFolderSystem32FolderWindowsFolderWindowsVolumeTempFolderSETUPEXEDIRshfolder.dllSHGetFolderPathWProgramFilesAPPDATAPROGRAMFILES&+
    Source: avcodec-58.dll.1.dr Binary or memory string: VMware Screen Codec / VMware Video
    Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
    Source: C:\Windows\System32\rundll32.exe Memory allocated: page read and write | page guard
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\DefMic.exe "DefMic.exe" --def
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\DefMic.exe "DefMic.exe" --def
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\MSIC545.tmp-\sbdrvmgr.exe sbdrvmgr.exe" --remove "ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSID5B7.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSID5B7.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSIF4AE.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSIF4AE.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSIF4AE.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSIF4AE.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSIFFF9.tmp-\DefMic.exe "DefMic.exe" --def
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSI10D6.tmp-\DefMic.exe "DefMic.exe" --list
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\Installer\MSI10D6.tmp-\sbdrvmgr.exe "sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
    Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\regsvr32.exe regsvr32" /u /s "C:\Program Files\ScreenBeam\Conference\\app\Filters\x86\SBCamFilter32.dll
    Source: C:\Windows\System32\rundll32.exe Process created: unknown unknown
    Source: rundll32.exe, 00000007.00000002.2285528909.0000017ACC3E6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Progmano
    Source: C:\Users\user\AppData\Local\Temp\MSIC545.tmp-\sbdrvmgr.exe Code function: 28_2_00007FFD9B3F17FA SetupDiGetDeviceRegistryPropertyW,28_2_00007FFD9B3F17FA
    Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\ByomCustomAction.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\DefMic.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\DefMic.exe VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\ByomCustomAction.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.exe VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\sbdrvmgr.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\sbdrvmgr.exe VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.exe VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\sbdrvmgr.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\sbdrvmgr.exe VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\ByomCustomAction.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\DefMic.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\DefMic.exe VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\ByomCustomAction.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\DefMic.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\DefMic.exe VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\sbdrvmgr.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\sbdrvmgr.exe VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSIC545.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSIC545.tmp-\ByomCustomAction.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\MSIC545.tmp-\sbdrvmgr.exe Queries volume information: C:\Users\user\AppData\Local\Temp\MSIC545.tmp-\sbdrvmgr.exe VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSID5B7.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSID5B7.tmp-\ByomCustomAction.dll VolumeInformation
    Source: C:\Windows\Installer\MSID5B7.tmp-\DefMic.exe Queries volume information: C:\Windows\Installer\MSID5B7.tmp-\DefMic.exe VolumeInformation
    Source: C:\Windows\Installer\MSID5B7.tmp-\sbdrvmgr.exe Queries volume information: C:\Windows\Installer\MSID5B7.tmp-\sbdrvmgr.exe VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSIDD79.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSIDD79.tmp-\ByomCustomAction.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSIF4AE.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSIF4AE.tmp-\ByomCustomAction.dll VolumeInformation
    Source: C:\Windows\Installer\MSIF4AE.tmp-\DefMic.exe Queries volume information: C:\Windows\Installer\MSIF4AE.tmp-\DefMic.exe VolumeInformation
    Source: C:\Windows\Installer\MSIF4AE.tmp-\sbdrvmgr.exe Queries volume information: C:\Windows\Installer\MSIF4AE.tmp-\sbdrvmgr.exe VolumeInformation
    Source: C:\Windows\Installer\MSIF4AE.tmp-\DefMic.exe Queries volume information: C:\Windows\Installer\MSIF4AE.tmp-\DefMic.exe VolumeInformation
    Source: C:\Windows\Installer\MSIF4AE.tmp-\sbdrvmgr.exe Queries volume information: C:\Windows\Installer\MSIF4AE.tmp-\sbdrvmgr.exe VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSIFFF9.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSIFFF9.tmp-\ByomCustomAction.dll VolumeInformation
    Source: C:\Windows\Installer\MSIFFF9.tmp-\DefMic.exe Queries volume information: C:\Windows\Installer\MSIFFF9.tmp-\DefMic.exe VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSIAF7.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSIAF7.tmp-\ByomCustomAction.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSI10D6.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSI10D6.tmp-\ByomCustomAction.dll VolumeInformation
    Source: C:\Windows\Installer\MSI10D6.tmp-\DefMic.exe Queries volume information: C:\Windows\Installer\MSI10D6.tmp-\DefMic.exe VolumeInformation
    Source: C:\Windows\Installer\MSI10D6.tmp-\sbdrvmgr.exe Queries volume information: C:\Windows\Installer\MSI10D6.tmp-\sbdrvmgr.exe VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSI175F.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\MSI175F.tmp-\ByomCustomAction.dll VolumeInformation
    Source: C:\Windows\System32\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact | Resource Development | Reconnaissance
    1
    Replication Through Removable Media
    Windows Management Instrumentation11
    Windows Service
    11
    Windows Service
    133
    Masquerading
    OS Credential Dumping1
    Query Registry
    1
    Replication Through Removable Media
    1
    Archive Collected Data
    Exfiltration Over Other Network Medium1
    Encrypted Channel
    Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationAbuse Accessibility FeaturesAcquire InfrastructureGather Victim Identity Information
    Default AccountsScheduled Task/Job1
    Registry Run Keys / Startup Folder
    12
    Process Injection
    1
    Disable or Modify Tools
    LSASS Memory1
    Security Software Discovery
    Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataSIM Card SwapObtain Device Cloud BackupsNetwork Denial of ServiceDomainsCredentials
    Domain AccountsAt1
    DLL Side-Loading
    1
    Registry Run Keys / Startup Folder
    21
    Virtualization/Sandbox Evasion
    Security Account Manager2
    Process Discovery
    SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyData Encrypted for ImpactDNS ServerEmail Addresses
    Local AccountsCronLogin Hook1
    DLL Side-Loading
    12
    Process Injection
    NTDS21
    Virtualization/Sandbox Evasion
    Distributed Component Object ModelInput CaptureTraffic DuplicationProtocol ImpersonationData DestructionVirtual Private ServerEmployee Names
    Cloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
    Regsvr32
    LSA Secrets1
    Application Window Discovery
    SSHKeyloggingScheduled TransferFallback ChannelsData Encrypted for ImpactServerGather Victim Network Information
    Replication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    Rundll32
    Cached Domain Credentials11
    Peripheral Device Discovery
    VNCGUI Input CaptureData Transfer Size LimitsMultiband CommunicationService StopBotnetDomain Properties
    External Remote ServicesSystemd TimersStartup ItemsStartup Items1
    Timestomp
    DCSync1
    File and Directory Discovery
    Windows Remote ManagementWeb Portal CaptureExfiltration Over C2 ChannelCommonly Used PortInhibit System RecoveryWeb ServicesDNS
    Drive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
    DLL Side-Loading
    Proc Filesystem23
    System Information Discovery
    Cloud ServicesCredential API HookingExfiltration Over Alternative ProtocolApplication Layer ProtocolDefacementServerlessNetwork Trust Dependencies
    Exploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
    File Deletion
    /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedExfiltration Over Symmetric Encrypted Non-C2 ProtocolWeb ProtocolsInternal DefacementMalvertisingNetwork Topology
    [Behavior graph: ID 1364186; Sample: ScreenBeam_Conference_Windows.msi; Startdate: 18/12/2023; Architecture: WINDOWS; Score: 52]

    Source | Detection | Scanner | Label | Link
    ScreenBeam_Conference_Windows.msi | 8% | ReversingLabs
    Source | Detection | Scanner | Label | Link
    C:\Program Files\ScreenBeam\Conference\app\BouncyCastle.Crypto.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\ControlzEx.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Filters\x64\OnvifClientLibrary.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Filters\x64\SBCamFilter64.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Filters\x64\SBRTSPAudio64.exe | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avcodec-58.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avformat-58.dll | 3% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Filters\x64\avutil-56.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Filters\x64\libcrypto-1_1-x64.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Filters\x64\libssl-1_1-x64.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Filters\x64\swresample-3.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Filters\x64\swscale-5.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Filters\x86\OnvifClientLibrary.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Filters\x86\SBCamFilter32.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Filters\x86\SBRTSPAudio32.exe | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avcodec-58.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avformat-58.dll | 3% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Filters\x86\avutil-56.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Filters\x86\libcrypto-1_1.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Filters\x86\libssl-1_1.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Filters\x86\swresample-3.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Filters\x86\swscale-5.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Filters\x86\vacdisable.exe | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Filters\x86\vacenable.exe | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Fizzler.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Hardcodet.NotifyIcon.Wpf.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\HtmlToXamlConverter.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Interop.NetFwTypeLib.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\MultiOnvifServer.exe | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\libcrypto-1_1.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\libssl-1_1.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\vcruntime140.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\LocalOnvifWin32\zlibwapi.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\MahApps.Metro.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Microsoft.Expression.Interactions.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Microsoft.Xaml.Behaviors.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\NLog.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Newtonsoft.Json.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\SBConfDiag.exe | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\SBConference.Common.dll | 3% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\SBConference.Model.dll | 3% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\SBConference.ViewModel.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\ScreenBeam Conference.exe | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\SharpDX.DXGI.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\SharpDX.Direct3D9.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\SharpDX.Mathematics.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\SharpDX.MediaFoundation.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\SharpDX.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\StreamPlayback.exe | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Svg.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\System.Buffers.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\System.Memory.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\System.Numerics.Vectors.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\System.Runtime.CompilerServices.Unsafe.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\System.Runtime.WindowsRuntime.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\System.ValueTuple.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\System.Windows.Interactivity.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Windows.Foundation.FoundationContract.winmd | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Windows.Foundation.UniversalApiContract.winmd | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\Windows.WinMD | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\XamlAnimatedGif.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\de\MahApps.Metro.resources.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\en-US\SBConference.Model.resources.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\app\qf4net.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x64\vacscbcp.exe | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x64\vacscbkd.sys | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x86\vacscbcp.exe | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\audio\vac\vac\x86\vacscbkd.sys | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\audio\vac\wdmdrvmgr\x64\wdmdrvmgr.exe | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\audio\vac\wdmdrvmgr\x86\wdmdrvmgr.exe | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\service\CreateProcessAsUser.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\service\Microsoft.Win32.Primitives.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\service\NLog.dll | 0% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\service\SBConference.Common.dll | 3% | ReversingLabs
    C:\Program Files\ScreenBeam\Conference\service\SBConference.Service.exe | 3% | ReversingLabs
    No Antivirus matches
    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    http://www.twolame.org/ | 0% | Avira URL Cloud | safe
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown
    Name | Source | Malicious | Antivirus Detection | Reputation
    http://www.onvif.org/ver10/replay/wsdl/GetReplayConfiguration | OnvifClientLibrary.dll.1.dr | false | | high
    http://www.onvif.org/ver10/accessrules/wsdl/GetAccessProfileInfo | OnvifClientLibrary.dll.1.dr | false | | high
    http://www.onvif.org/ver10/provisioning/wsdl/RollMoveu | OnvifClientLibrary.dll.1.dr | false | | high
    http://www.onvif.org/ver10/provisioning/wsdl/Stop | OnvifClientLibrary.dll.1.dr | false | | high
    http://docs.oasis-open.org/wsn/bw-2/PausableSubscriptionManager/ResumeSubscriptionRequest | OnvifClientLibrary.dll.1.dr | false | | high
    http://www.onvif.org/ver10/doorcontrol/wsdl/GetDoorList | OnvifClientLibrary.dll.1.dr | false | | high
    http://www.onvif.org/ver10/device/wsdl/DeleteStorageConfiguration | OnvifClientLibrary.dll.1.dr | false | | high
    https://nlog-project.org/ | NLog.dll.1.dr | false | | high
    http://www.onvif.org/ver10/schedule/wsdl/GetSpecialDayGroupsc | OnvifClientLibrary.dll.1.dr | false | | high
    http://www.onvif.org/ver10/thermal/wsdl/GetRadiometryConfigurationOptions= | OnvifClientLibrary.dll.1.dr | false | | high
    http://www.onvif.org/ver10/provisioning/wsdl/Stopw | OnvifClientLibrary.dll.1.dr | false | | high
    http://www.onvif.org/ver10/thermal/wsdl/GetConfiguration | OnvifClientLibrary.dll.1.dr | false | | high
    http://www.onvif.org/ver10/search/wsdl/GetMetadataSearchResults | OnvifClientLibrary.dll.1.dr | false | | high
    http://www.onvif.org/ver10/media/wsdl/RemoveVideoAnalyticsConfiguration | OnvifClientLibrary.dll.1.dr | false | | high
    http://www.onvif.org/ver10/schedule/wsdl/GetScheduleList | OnvifClientLibrary.dll.1.dr | false | | high
    http://www.onvif.org/ver10/accessrules/wsdl/GetAccessProfileList | OnvifClientLibrary.dll.1.dr | false | | high
    http://www.onvif.org/ver10/doorcontrol/wsdl/GetDoorInfo | OnvifClientLibrary.dll.1.dr | false | | high
                                        http://www.onvif.org/ver20/imaging/wsdl/GetCurrentPresetOnvifClientLibrary.dll.1.drfalse
                                          high
                                          http://www.onvif.org/ver10/device/wsdl/GetStorageConfigurationOnvifClientLibrary.dll.1.drfalse
                                            high
                                            http://www.onvif.org/ver10/recording/wsdl/GetServiceCapabilitiesOnvifClientLibrary.dll.1.drfalse
                                              high
                                              http://www.onvif.org/ver20/ptz/wsdl/GotoHomePositionOnvifClientLibrary.dll.1.drfalse
                                                high
                                                http://www.onvif.org/ver10/accessrules/wsdl/GetAccessProfilesTOnvifClientLibrary.dll.1.drfalse
                                                  high
                                                  http://www.onvif.org/ver10/credential/wsdl/GetCredentialStateFOnvifClientLibrary.dll.1.drfalse
                                                    high
                                                    http://docs.oasis-open.org/wsn/bw-2/NotificationProducer/SubscribeRequestOnvifClientLibrary.dll.1.drfalse
                                                      high
                                                      http://www.onvif.org/ver10/device/wsdl/SetNetworkDefaultGatewayOnvifClientLibrary.dll.1.drfalse
                                                        high
                                                        http://www.onvif.org/ver10/receiver/wsdl/CreateReceiverlOnvifClientLibrary.dll.1.drfalse
                                                          high
                                                          http://www.onvif.org/ver10/credential/wsdl/GetCredentialsOnvifClientLibrary.dll.1.drfalse
                                                            high
                                                            http://www.onvif.org/ver10/provisioning/wsdl/ZoomMovetOnvifClientLibrary.dll.1.drfalse
                                                              high
                                                              http://www.onvif.org/ver10/doorcontrol/wsdl/LockOpenReleaseDoor/OnvifClientLibrary.dll.1.drfalse
                                                                high
                                                                http://www.onvif.org/ver10/media/wsdl/DeleteProfileOnvifClientLibrary.dll.1.drfalse
                                                                  high
                                                                  http://www.onvif.org/ver10/media/wsdl/SetOSDOnvifClientLibrary.dll.1.drfalse
                                                                    high
                                                                    http://www.onvif.org/ver10/credential/wsdl/GetCredentialStateOnvifClientLibrary.dll.1.drfalse
                                                                      high
                                                                      http://www.onvif.org/ver10/media/wsdl/GetAudioEncoderConfigurationOnvifClientLibrary.dll.1.drfalse
                                                                        high
                                                                        http://www.onvif.org/ver20/media/wsdl/GetMasksOnvifClientLibrary.dll.1.drfalse
                                                                          high
                                                                          http://www.onvif.org/ver10/doorcontrol/wsdl/LockDoorOnvifClientLibrary.dll.1.drfalse
                                                                            high
                                                                            http://www.onvif.org/ver10/media/wsdl/RemoveVideoSourceConfigurationOnvifClientLibrary.dll.1.drfalse
                                                                              high
                                                                              http://www.onvif.org/ver10/thermal/wsdl/GetConfigurationOptions:OnvifClientLibrary.dll.1.drfalse
                                                                                high
                                                                                http://www.onvif.org/ver20/ptz/wsdl/OperatePresetTourOnvifClientLibrary.dll.1.drfalse
                                                                                  high
                                                                                  http://www.onvif.org/ver10/deviceio/wsdl/GetDigitalInputsOnvifClientLibrary.dll.1.drfalse
                                                                                    high
                                                                                    http://www.onvif.org/ver10/device/wsdl/GetDot11StatusOnvifClientLibrary.dll.1.drfalse
                                                                                      high
                                                                                      http://www.onvif.org/ver10/device/wsdl/GetRemoteUserOnvifClientLibrary.dll.1.drfalse
                                                                                        high
                                                                                        http://www.onvif.org/ver10/thermal/wsdl/SetConfigurationOnvifClientLibrary.dll.1.drfalse
                                                                                          high
                                                                                          https://www.nuget.org/packages/NLog.Web.AspNetCoreNLog.dll.1.drfalse
                                                                                            high
                                                                                            http://www.onvif.org/ver10/device/wsdl/GetIPAddressFilterOnvifClientLibrary.dll.1.drfalse
                                                                                              high
                                                                                              http://www.onvif.org/ver10/doorcontrol/wsdl/GetServiceCapabilitiesOnvifClientLibrary.dll.1.drfalse
                                                                                                high
                                                                                                http://www.onvif.org/ver20/media/wsdl/GetVideoSourceModesOnvifClientLibrary.dll.1.drfalse
                                                                                                  high
                                                                                                  http://www.twolame.org/avcodec-58.dll.1.drfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  http://www.onvif.org/ver10/media/wsdl/GetVideoEncoderConfigurationOptionsOnvifClientLibrary.dll.1.drfalse
                                                                                                    high
                                                                                                    http://www.onvif.org/ver10/media/wsdl/SetVideoAnalyticsConfigurationOnvifClientLibrary.dll.1.drfalse
                                                                                                      high
                                                                                                      http://www.onvif.org/ver10/media/wsdl/GetVideoSourceConfigurationOnvifClientLibrary.dll.1.drfalse
                                                                                                        high
                                                                                                        http://www.onvif.org/ver10/device/wsdl/AddIPAddressFilterOnvifClientLibrary.dll.1.drfalse
                                                                                                          high
                                                                                                          http://www.onvif.org/ver10/doorcontrol/wsdl/GetDoorInfo%OnvifClientLibrary.dll.1.drfalse
                                                                                                            high
                                                                                                            http://www.onvif.org/ver20/analytics/wsdl/GetAnalyticsModuleOptionsOnvifClientLibrary.dll.1.drfalse
                                                                                                              high
                                                                                                              http://www.onvif.org/ver10/credential/wsdl/DisableCredentialHOnvifClientLibrary.dll.1.drfalse
                                                                                                                high
                                                                                                                http://www.onvif.org/ver10/device/wsdl/DeleteUsersOnvifClientLibrary.dll.1.drfalse
                                                                                                                  high
                                                                                                                  http://www.onvif.org/ver10/accessrules/wsdl/CreateAccessProfileVOnvifClientLibrary.dll.1.drfalse
                                                                                                                    high
                                                                                                                    http://www.onvif.org/ver10/doorcontrol/wsdl/LockDownReleaseDoor-OnvifClientLibrary.dll.1.drfalse
                                                                                                                      high
                                                                                                                      http://www.onvif.org/ver10/media/wsdl/DeleteOSDOnvifClientLibrary.dll.1.drfalse
                                                                                                                        high
                                                                                                                        http://www.onvif.org/ver10/media/wsdl/GetServiceCapabilitiesOnvifClientLibrary.dll.1.drfalse
                                                                                                                          high
                                                                                                                          http://www.onvif.org/ver20/media/wsdl/DeleteProfileOnvifClientLibrary.dll.1.drfalse
                                                                                                                            high
                                                                                                                            http://www.onvif.org/ver20/media/wsdl/SetAudioSourceConfigurationOnvifClientLibrary.dll.1.drfalse
                                                                                                                              high
                                                                                                                              http://www.onvif.org/ver10/media/wsdl/RemovePTZConfigurationOnvifClientLibrary.dll.1.drfalse
                                                                                                                                high
                                                                                                                                http://nlog-project.org/ws/ILogReceiverServer/ProcessLogMessagesTNLog.dll.1.drfalse
                                                                                                                                  high
                                                                                                                                  http://www.onvif.org/ver10/provisioning/wsdl/GetServiceCapabilitiesOnvifClientLibrary.dll.1.drfalse
                                                                                                                                    high
                                                                                                                                    http://www.onvif.org/ver10/credential/wsdl/GetCredentialAccessProfilesOnvifClientLibrary.dll.1.drfalse
                                                                                                                                      high
                                                                                                                                      http://www.onvif.org/ver10/schedule/wsdl/GetScheduleStateOnvifClientLibrary.dll.1.drfalse
                                                                                                                                        high
                                                                                                                                        http://www.onvif.org/ver10/device/wsdl/StartSystemRestoreOnvifClientLibrary.dll.1.drfalse
                                                                                                                                          high
                                                                                                                                          http://www.onvif.org/ver10/credential/wsdl/EnableCredentialOnvifClientLibrary.dll.1.drfalse
                                                                                                                                            high
                                                                                                                                            http://www.onvif.org/ver20/media/wsdl/SetAudioEncoderConfigurationOnvifClientLibrary.dll.1.drfalse
                                                                                                                                              high
                                                                                                                                              http://www.onvif.org/ver10/device/wsdl/SetScopesOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                high
                                                                                                                                                http://www.onvif.org/ver10/thermal/wsdl/GetRadiometryConfigurationOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                  high
                                                                                                                                                  http://www.onvif.org/ver10/device/wsdl/SetNTPOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                    high
                                                                                                                                                    http://www.onvif.org/ver20/analytics/wsdl/ModifyAnalyticsModulesOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                      high
                                                                                                                                                      http://www.onvif.org/ver10/device/wsdl/GetNetworkProtocolsOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                        high
                                                                                                                                                        http://www.onvif.org/ver10/accessrules/wsdl/GetServiceCapabilitiesQOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                          high
                                                                                                                                                          http://www.onvif.org/ver10/search/wsdl/GetEventSearchResultsOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                            high
                                                                                                                                                            http://www.onvif.org/ver10/credential/wsdl/GetCredentialListBOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                              high
                                                                                                                                                              http://www.onvif.org/ver20/ptz/wsdl/GetConfigurationOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                                high
                                                                                                                                                                http://www.onvif.org/ver10/media/wsdl/RemoveAudioSourceConfigurationOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://www.onvif.org/ver10/media/wsdl/RemoveAudioDecoderConfigurationOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://www.onvif.org/ver20/imaging/wsdl/SetCurrentPresetOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://www.onvif.org/ver20/media/wsdl/GetAudioSourceConfigurationsOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://www.onvif.org/ver10/doorcontrol/wsdl/DeleteDoor5OnvifClientLibrary.dll.1.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://www.onvif.org/ver10/receiver/wsdl/ConfigureReceiverOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://www.onvif.org/ver10/receiver/wsdl/GetReceiverStateOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://www.onvif.org/ver10/thermal/wsdl/GetRadiometryConfiguration;OnvifClientLibrary.dll.1.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://www.onvif.org/ver10/search/wsdl/FindMetadataOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://www.onvif.org/ver10/doorcontrol/wsdl/LockDoor(OnvifClientLibrary.dll.1.drfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://www.onvif.org/ver20/analytics/wsdl/ModifyRulesOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://www.onvif.org/ver10/accesscontrol/wsdl/DisableAccessPointOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://www.onvif.org/ver20/ptz/wsdl/GetStatusOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://www.onvif.org/ver10/accesscontrol/wsdl/GetServiceCapabilitiesOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://www.onvif.org/ver10/device/wsdl/GetDNSOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://www.onvif.org/ver10/events/wsdl/EventPortType/CreatePullPointSubscriptionRequestOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://www.onvif.org/ver10/device/wsdl/GetScopesOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://www.onvif.org/ver10/recording/wsdl/DeleteTrackOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    http://x265.orgavcodec-58.dll.1.drfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      http://www.onvif.org/ver10/media/wsdl/SetSynchronizationPointOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        http://www.onvif.org/ver10/schedule/wsdl/ModifySchedule_OnvifClientLibrary.dll.1.drfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          http://www.onvif.org/ver10/thermal/wsdl/GetConfigurationsOnvifClientLibrary.dll.1.drfalse
                                                                                                                                                                                                            high
    No contacted IP infos
    Joe Sandbox version: 38.0.0 Ammolite
    Analysis ID: 1364186
    Start date and time: 2023-12-18 22:37:52 +01:00
    Joe Sandbox product: CloudBasic
    Overall analysis duration: 0h 10m 18s
    Hypervisor based Inspection enabled: false
    Report type: full
    Cookbook file name: defaultwindowsofficecookbook.jbs
    Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed: 59
    Number of new started drivers analysed: 0
    Number of existing processes analysed: 0
    Number of existing drivers analysed: 0
    Number of injected processes analysed: 0
    Technologies:
                                                                                                                                                                                                            • HCA enabled
                                                                                                                                                                                                            • EGA enabled
                                                                                                                                                                                                            • AMSI enabled
                                                                                                                                                                                                            Analysis Mode:default
                                                                                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                                                                                            Sample name:ScreenBeam_Conference_Windows.msi
                                                                                                                                                                                                            Detection:MAL
                                                                                                                                                                                                            Classification:mal52.troj.evad.winMSI@96/422@0/0
                                                                                                                                                                                                            EGA Information:
                                                                                                                                                                                                            • Successful, ratio: 3.3%
                                                                                                                                                                                                            HCA Information:
                                                                                                                                                                                                            • Successful, ratio: 98%
                                                                                                                                                                                                            • Number of executed functions: 428
                                                                                                                                                                                                            • Number of non-executed functions: 0
                                                                                                                                                                                                            Cookbook Comments:
                                                                                                                                                                                                            • Found application associated with file extension: .msi
                                                                                                                                                                                                            • Close Viewer
                                                                                                                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ocsp.edge.digicert.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                            • Execution Graph export aborted for target DefMic.exe, PID 1136 because it is empty
                                                                                                                                                                                                            • Execution Graph export aborted for target DefMic.exe, PID 1456 because it is empty
                                                                                                                                                                                                            • Execution Graph export aborted for target DefMic.exe, PID 2568 because it is empty
                                                                                                                                                                                                            • Execution Graph export aborted for target DefMic.exe, PID 2680 because it is empty
                                                                                                                                                                                                            • Execution Graph export aborted for target DefMic.exe, PID 3896 because it is empty
                                                                                                                                                                                                            • Execution Graph export aborted for target DefMic.exe, PID 4092 because it is empty
                                                                                                                                                                                                            • Execution Graph export aborted for target DefMic.exe, PID 5304 because it is empty
                                                                                                                                                                                                            • Execution Graph export aborted for target DefMic.exe, PID 6008 because it is empty
                                                                                                                                                                                                            • Execution Graph export aborted for target DefMic.exe, PID 6336 because it is empty
                                                                                                                                                                                                            • Execution Graph export aborted for target DefMic.exe, PID 7128 because it is empty
                                                                                                                                                                                                            • Execution Graph export aborted for target rundll32.exe, PID 1848 because there are no executed function
                                                                                                                                                                                                            • Execution Graph export aborted for target rundll32.exe, PID 2140 because there are no executed function
                                                                                                                                                                                                            • Execution Graph export aborted for target rundll32.exe, PID 4088 because there are no executed function
                                                                                                                                                                                                            • Execution Graph export aborted for target rundll32.exe, PID 5132 because there are no executed function
                                                                                                                                                                                                            • Execution Graph export aborted for target rundll32.exe, PID 5272 because there are no executed function
                                                                                                                                                                                                            • Execution Graph export aborted for target rundll32.exe, PID 5744 because there are no executed function
                                                                                                                                                                                                            • Execution Graph export aborted for target rundll32.exe, PID 5820 because there are no executed function
                                                                                                                                                                                                            • Execution Graph export aborted for target rundll32.exe, PID 6604 because there are no executed function
                                                                                                                                                                                                            • Execution Graph export aborted for target rundll32.exe, PID 6992 because there are no executed function
                                                                                                                                                                                                            • Execution Graph export aborted for target rundll32.exe, PID 7128 because there are no executed function
                                                                                                                                                                                                            • Execution Graph export aborted for target rundll32.exe, PID 772 because there are no executed function
                                                                                                                                                                                                            • Execution Graph export aborted for target rundll32.exe, PID 976 because there are no executed function
                                                                                                                                                                                                            • Execution Graph export aborted for target sbdrvmgr.exe, PID 1516 because it is empty
                                                                                                                                                                                                            • Execution Graph export aborted for target sbdrvmgr.exe, PID 3128 because it is empty
                                                                                                                                                                                                            • Execution Graph export aborted for target sbdrvmgr.exe, PID 3872 because it is empty
                                                                                                                                                                                                            • Execution Graph export aborted for target sbdrvmgr.exe, PID 5856 because it is empty
                                                                                                                                                                                                            • Execution Graph export aborted for target sbdrvmgr.exe, PID 6328 because it is empty
                                                                                                                                                                                                            • Execution Graph export aborted for target sbdrvmgr.exe, PID 6968 because it is empty
                                                                                                                                                                                                            • Execution Graph export aborted for target sbdrvmgr.exe, PID 716 because it is empty
                                                                                                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                            • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                            • VT rate limit hit for: ScreenBeam_Conference_Windows.msi
                                                                                                                                                                                                            No simulations
                                                                                                                                                                                                            No context
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| fp2e7a.wpc.phicdn.net | Pagamento-_K102023.vbs | malicious | AgentTesla, GuLoader | 192.229.211.108 |
| | Order_Mr._Pastor.vbs | malicious | AgentTesla, GuLoader | 192.229.211.108 |
| | RemittanceAdviceNotification95002639322.vbs | malicious | AgentTesla, GuLoader | 192.229.211.108 |
| | FV23-8165.vbs | malicious | AgentTesla, GuLoader | 192.229.211.108 |
| | VS0880000452_202312.exe | malicious | Lokibot | 192.229.211.108 |
| | NbN47VasP7.exe | malicious | Snake Keylogger | 192.229.211.108 |
| | aNMgpTs3bp.exe | malicious | RedLine | 192.229.211.108 |
| | FTq09uH032.exe | malicious | RisePro Stealer, SmokeLoader, Vidar | 192.229.211.108 |
| | O5piRsnwTv.exe | malicious | RedLine | 192.229.211.108 |
| | InvRF83038.vbs | malicious | GuLoader, XWorm | 192.229.211.108 |
| | East Asian affairs.js | malicious | Unknown | 192.229.211.108 |
| | 2BD87WlahoXtBSzszf95a8e2XrSunrRS8xM.vbs | malicious | GuLoader, XWorm | 192.229.211.108 |
| | 8as7BA35XQ.exe | malicious | Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz | 192.229.211.108 |
| | Banco_SWIFT.exe | malicious | AgentTesla, GuLoader | 192.229.211.108 |
| | Hospital_Inquiry_List_3892892921.exe | malicious | AgentTesla, GuLoader | 192.229.211.108 |
| | PO-AXIS-3110004327.exe | malicious | GuLoader | 192.229.211.108 |
| | pdf(1).exe | malicious | RedLine | 192.229.211.108 |
| | pdf.exe | malicious | RedLine | 192.229.211.108 |
| | paj1VJXIOY.exe | malicious | Unknown | 192.229.211.108 |
| | IjguKBZReT.exe | malicious | RedLine | 192.229.211.108 |
                                                                                                                                                                                                            No context
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):409173
                                                                                                                                                                                                            Entropy (8bit):6.65924920026962
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:JYK4xsB95xMzgFkesmW1XAOKoUSUU++VWRAItCcol:+K4xC95xMMFd8JUSWRAIUcol
                                                                                                                                                                                                            MD5:6273C49F4C94792DCC436B439B645FBB
                                                                                                                                                                                                            SHA1:2522B6C70423949A9DCBB47B77681F34272FADB0
                                                                                                                                                                                                            SHA-256:30E6D7E518CE671CF3550392E5C65B02D79BAD25865136901A77D3D13E7BC8EE
                                                                                                                                                                                                            SHA-512:FC16FD4B967D77AECF55CF31A45EE811194F008F344DE6678AED9AEBF19A63A1A9B38637614EC17C6EC402C19B48C78FCD1652DFA57ADFF5DC6D800DD4CEFD87
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:...@IXOS.@.....@...W.@.....@.....@.....@.....@.....@......&.{9C551A83-C7FC-408C-96BE-AF933DBAD65B}..ScreenBeam Conference!.ScreenBeam_Conference_Windows.msi.@.....@.....@.....@......ScreenBeam.exe..&.{F451DF01-DEEE-4799-9D74-C13F54F5C275}.....@.....@.....@.....@.......@.....@.....@.......@......ScreenBeam Conference......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{7199D981-9853-484B-8139-2C2B34F1FA2A}&.{9C551A83-C7FC-408C-96BE-AF933DBAD65B}.@......&.{EC32DB67-553E-42DB-8AB0-D93C26D64C7E}&.{9C551A83-C7FC-408C-96BE-AF933DBAD65B}.@......&.{85245CA4-064E-4C9A-A44A-343774C760F3}&.{9C551A83-C7FC-408C-96BE-AF933DBAD65B}.@......&.{041A7DD2-445F-4C98-9186-26507D7F21CB}&.{9C551A83-C7FC-408C-96BE-AF933DBAD65B}.@......&.{842B369E-7954-42CE-9AB2-483659A134B0}&.{9C551A83-C7FC-408C-96BE-AF933DBAD65B}.@......&.{83A516A4-A4ED-41F1-9664-F5C300DB76DF}&.{9C551A83-C7FC-408C-96BE-AF933DBAD65B}.@......&.{D6B39E0
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 128 x 128 x 32, cbSize 65674, bits offset 138
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):65674
                                                                                                                                                                                                            Entropy (8bit):1.2805694815835584
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:ShnSIinOAsEqANIz8SmIpCvlPPlU7ppLkzDPDQLXK6BWL3FoX5vD6qN88+:mlin5/NE2N2ppLkXPQX21ODPv+
                                                                                                                                                                                                            MD5:58B1F585FF6CF1FFBECD9E063D15663F
                                                                                                                                                                                                            SHA1:DE69F2894AA800DA0A6B2AD5564478352FC213B2
                                                                                                                                                                                                            SHA-256:5821322E5650C78A47E986C99507E58F79B507C8BD33C35E39FC799BDA9A963C
                                                                                                                                                                                                            SHA-512:D67164A9725CA4A3DF88FB102512AB8B27B56D5E7441105F03ACA6466214E5CE414BB49C7BBBCDD187CF7BD42742BD1BDA474FDD16F5E0CB1E0A10CCC6C3F991
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16958
                                                                                                                                                                                                            Entropy (8bit):2.3402736777188395
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:a+Ngz9wjTeE7144BQ2DFFnEbHIcXExGErQa2Nvv4wG:acgz9qaE7144BQ2DPEzEMErQaAX4L
                                                                                                                                                                                                            MD5:D75CA2815FA84BC36C36D18B6AD9048F
                                                                                                                                                                                                            SHA1:5353AE1430AC909C25484047713712520C3A2AE2
                                                                                                                                                                                                            SHA-256:3B156EDE48A466BDEC4FF5F230B2841899DF2B0A4ED7A645CFF72F7DC3CBC318
                                                                                                                                                                                                            SHA-512:008A5D9B83143AC59ECF5CC2654C2597199052B0876225CF32102188F192DC7CAA87F3D7DC76E03C76AB682884198DD6A5CC3DC3AF6993DD9A7C47AB85832496
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2246936
                                                                                                                                                                                                            Entropy (8bit):5.776355280166642
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:xFSSSusJVEDm2CNrmynmTF3P++3UEOkK59Vz4oukkb3KZ5:xFSSSusJeDm2WrmynmTF3m+E
                                                                                                                                                                                                            MD5:3FEBE8035D2184956A3B2FE126F051FC
                                                                                                                                                                                                            SHA1:39817F3422D527C4F111853564023F7726D02C2F
                                                                                                                                                                                                            SHA-256:7672AAA863BF1A46A294B8C871BD29058AA7834611A09D45D841C679F1B53E38
                                                                                                                                                                                                            SHA-512:7CB7F2E67E704F7786E484EF83621159DF7D63DF554632C378B2B2D5A8E8BDE782133DE42170814E6A76E4D0A90EF75F72CFE2DBF3A9C3CEF9D512ED765964D6
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):252696
                                                                                                                                                                                                            Entropy (8bit):6.354889816974437
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:M6bRKhjsomR8PpY82VG7gP2rxp+7vVNviPF1WANK+5:M6Yye
                                                                                                                                                                                                            MD5:6B87AD0CD5FF64442A1ABED195928825
                                                                                                                                                                                                            SHA1:698B48FBF08775F533BB12548243C304B386FC63
                                                                                                                                                                                                            SHA-256:1AE79BC33C4891F1A9DA4A371E92F07119342CA31536D6BFC7AD12BBB016E37B
                                                                                                                                                                                                            SHA-512:ABE8F021DACE83972A89A3A0D490E4E70AF9249036843AEACCFA2BAA4B4C43A49DCF9319A294415FFE5C8DAAD79E357A16833E9AD1FA5AF4246CE45C54401C60
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:MSVC program database ver 7.00, 512*1647 bytes
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):843264
                                                                                                                                                                                                            Entropy (8bit):5.758644766369451
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:UmM/3QPubNiFGNnvG2TF6HeYNg9mM/3QPubNiyg2TF:l+3QmMFGNnvnTFSeYNj+3QmMypTF
                                                                                                                                                                                                            MD5:3C429F78E96B6C009A11E64711C8D147
                                                                                                                                                                                                            SHA1:92C0896C60437E5A3655214ED8EC507C21B8B372
                                                                                                                                                                                                            SHA-256:D1632349A5BED60C6CD6118A5559C794C6CD6B6E30A33B4AF0B00F2ABC867E31
                                                                                                                                                                                                            SHA-512:2972DF0E51F07E22AF84D9E76B3DA405188E6F5508346E844AA7197865EA68DBA79158284761888F109AE03A9BC94CF7E7F8E1CF3A46EA3D00B05FC0F57F5B55
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):172506
                                                                                                                                                                                                            Entropy (8bit):4.677612844082003
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:3WA8J2D7EiLCG8GkJiy1UTvKSe6MBGjy6CV4qIuLCbD6vFx03Bt3Xvt3fU:3WA827EiLCG8GUpU9CV4qIuLqez8JV3M
                                                                                                                                                                                                            MD5:5157BF5DABBEC676D862F0A008F0A352
                                                                                                                                                                                                            SHA1:970DFA0A6E4C4CCE6D6E51D19F3BAA217D3C826E
                                                                                                                                                                                                            SHA-256:88BBCE0EB7059680C253DB0B2F8DB11D284D1E5BDF44B7DD329E25E270B2A18E
                                                                                                                                                                                                            SHA-512:A341CF11652D9B6D75E04D52FAE99A72ECB317BC683D3836B1AA8D9968EC454B8DF496ECE70E88DA4CE1A4F6CEA3D789F210BDC27923197F105A4DEDC2E88240
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>ControlzEx</name>.. </assembly>.. <members>.. <member name="T:ControlzEx.Automation.Peers.TabControlExAutomationPeer">.. <summary>.. Automation-Peer for <see cref="T:ControlzEx.Controls.TabControlEx" />... </summary>.. </member>.. <member name="M:ControlzEx.Automation.Peers.TabControlExAutomationPeer.#ctor(System.Windows.Controls.TabControl)">.. <summary>.. Initializes a new instance... </summary>.. </member>.. <member name="M:ControlzEx.Automation.Peers.TabControlExAutomationPeer.CreateItemAutomationPeer(System.Object)">.. <inheritdoc />.. </member>.. <member name="T:ControlzEx.Automation.Peers.TabItemExAutomationPeer">.. <summary>.. Automation-Peer for <see cref="T:System.Windows.Controls.TabItem" /> in <see cref="T:ControlzEx.Controls.TabControlEx" />...
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):736536
                                                                                                                                                                                                            Entropy (8bit):6.147082907993345
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:DXTxgGpJxna4ZAVct9dwZpnjHAHS1M3a9Omuju9gQiK9pJczINMyLUO7HEYZ:Xy4+cXdwfMHSzOm6ypJeINBbt
                                                                                                                                                                                                            MD5:9754D94F988D7E03E0B521EC0942C547
                                                                                                                                                                                                            SHA1:9A4BA9DE72AA5879EC995465E8DEF76F17D7F2CB
                                                                                                                                                                                                            SHA-256:CCB10743A786DA21CEC25DB8FF406193109701F2813FBEEAE1E0C5E39129DEE0
                                                                                                                                                                                                            SHA-512:D30B895E941640A55EB884C7D31A3E7269309EF146DBD2A8A6EE2C96C7DE899A882D05AF73F3B327D8CEC88C2E8A01A8892B66968EE32F1E0FC54806A3CF60EC
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):220952
                                                                                                                                                                                                            Entropy (8bit):6.357563805308744
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:6rhj/qfa2x0qDE5NmergYEEf0nbAJu0/VoVAh+YCyEvpfBIrnaScuMZ:W7qfapz5NmergbsJpVoU+PyEvpfBIWF
                                                                                                                                                                                                            MD5:41C5A3E5AB2253720DBC45F53486ADE1
                                                                                                                                                                                                            SHA1:BAE7332A06C34BD243BD94F51D37574D98203A51
                                                                                                                                                                                                            SHA-256:36AE8C7049AC1AA357AC2F0D48984E2D836E95679502593A8BD1265943A262B9
                                                                                                                                                                                                            SHA-512:8081E7E183192E70764FD72AF5BC3769E6847C31222307866586AE953D18A2CD000A06F0C7830ECCEA98BDB1D6DA5F5E3D27639B4CED648B79C43B517DBF1F95
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):128280
                                                                                                                                                                                                            Entropy (8bit):6.421165608185727
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:3UfgtL9+VqiKW+JTKHX2tvJW5MqTJfFFfEu5ol7X2Um6c7NX7SekCn+L4oQ7Q3x:r9nJNJW5MqTFcu4X2UadlnDM
                                                                                                                                                                                                            MD5:401506FB887534ED7DD950993CD76C1D
                                                                                                                                                                                                            SHA1:EEE1F934B6F3B19009F31E9E2675B3C015828051
                                                                                                                                                                                                            SHA-256:2C87AA4CD2B58E20BF44D27EB1F589A4A9E22E84B6496BDE91CA54361BF0CA14
                                                                                                                                                                                                            SHA-512:BCE18C68BAC4A174FD7EA233161F75940E767016825EA7F5591CCB31DC9D53E3C8889BA3B34FDE41DEEE3F8FD61F62537F310E06943D4CCB5B4BC5AE0F0FBDE0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):63853336
                                                                                                                                                                                                            Entropy (8bit):6.731107600565096
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:393216:9ZUUv1DLIy8a6qJWDa2g+qloXyxE8JebXXpiom2QAmS2dh:9LdIyW+UwoyG5DpkFdh
                                                                                                                                                                                                            MD5:7043BD72BA2D2DEFB319ADC246A86706
                                                                                                                                                                                                            SHA1:0010058F202A7C29FAA63B1D55A405BCC438B4EC
                                                                                                                                                                                                            SHA-256:5AB5A8A60885B27491ED85DFBEC3941AF79FDF979025869C60B5B3B7FAAD2C7A
                                                                                                                                                                                                            SHA-512:4DCF8851A5FED8CA0F760BB19380A8BE81AC1B0D1B92C7C8D28755B6BB00617103F739EDBDE14B394C4F5FF74B9041254F201C38245688E80DF7FBF083FFDEE5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):14810392
                                                                                                                                                                                                            Entropy (8bit):6.598068367139124
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:196608:uPWnEwrmp+eNN9frDN/kAOJV/lzfEapne1:uPWnt3e7ZrDN/kAOvea
                                                                                                                                                                                                            MD5:E11DBA28D05D00C92C1CBA5BBBE475D1
                                                                                                                                                                                                            SHA1:4B0B3081D243C2C6D13C2B3E4F257E2F823C3F91
                                                                                                                                                                                                            SHA-256:9363678DF2EAE4F6D73066C2272D1E6E7A3BDE9515D3BFFD03D50F575C9A9D8D
                                                                                                                                                                                                            SHA-512:533742D4D390C3FC062805B0C8DAC48691095B6A74471297A8E7EDFF44135A2E54DB04A9A2FE25A4DED71617491073207FF637018E967CB51E4E87FC356BBC4A
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1300248
                                                                                                                                                                                                            Entropy (8bit):6.473555803675975
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:rgv//dfzgfczGYxgt0K8nKKqv74N4VmTUtzRbMsp5bJmAnAygYJR3fQp4RsaMquj:o7hzGYxg+twRbMspLmAFx/3OgNsz
                                                                                                                                                                                                            MD5:21EA93E89AF1A04321947F4D486E5152
                                                                                                                                                                                                            SHA1:1D497DB935622084FCB2F52EAC50C215CD012DCE
                                                                                                                                                                                                            SHA-256:9AB9A46B59B8D45587FC77A19E9C54B21FADF758528FD4852571D2E5D01B48DE
                                                                                                                                                                                                            SHA-512:DB81212FA9BA0A22F37ABA4B1863669B28A0F4DE8B6ADB9D0FB772FC130052D447F36E7C13FD076917CD7CE7A0EC94140394F0F395D2DA0062DBB44960D9B5FC
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3310872
                                                                                                                                                                                                            Entropy (8bit):6.1327393024684795
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:mEVwASOnMIU6iW5GtlqTv2bAAO370ULehMxsI44Rk7ja0RyP6TvA+XfU1CPwDv3Y:hj+W3Z2aUVTvAz1CPwDv3uFh+
                                                                                                                                                                                                            MD5:7C8EEE743CF8259BF625674E41077B79
                                                                                                                                                                                                            SHA1:EE7CF802B28B0D55984BF18D03B51860B3E06F8F
                                                                                                                                                                                                            SHA-256:F4E11312599CE5EDEB29F6B026CB668CA3C50C263471B56B5551D3586AD014DD
                                                                                                                                                                                                            SHA-512:B2F9843983CFE5D5EC51A81776C200A9A2F62366AC6A243967D3C0FA017BA86802F2AEC3C0665DD73EA2A19BE132F02987FBD8FCE7CB8AEA30A8BDA2F0289E1D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):668952
                                                                                                                                                                                                            Entropy (8bit):5.56608335889636
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:/Y1P32jyJMze8mAcZjAoBcY+s31L9uK4hR4FPdWKRMccMwJ/s9U2lvz:ve8mlbBcY+KhYrhMwJYU2lvz
                                                                                                                                                                                                            MD5:44E16985CFFFF9380F553CD24D124EAA
                                                                                                                                                                                                            SHA1:394D4229DB4B229AA5C07FB542150D37542516DE
                                                                                                                                                                                                            SHA-256:846A200C8F9E0A20CCA2AC6D9DBC5A73B354A4F539AE1B99074C9955510AFC30
                                                                                                                                                                                                            SHA-512:0EA07D122B20A1DCAD3C856F67B6C757A63E593BE499044C56BCE253D28EE9EB540A85872CDCFF7157D601BED84A1EEBA714833C83EC0DF51FEEB5FFEF292598
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):443160
                                                                                                                                                                                                            Entropy (8bit):6.5979594970111615
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:dQ+kly145LnrfH/XqqPGFTci1WC2li9XFSJr12y0d4Ghtcuot:unlyaPfXPuT1HyJrYdg
                                                                                                                                                                                                            MD5:39243818BF06F192DE2941A378F46DE1
                                                                                                                                                                                                            SHA1:E692EDC0FCAF27DAAEEC23255D11B041F516BFA7
                                                                                                                                                                                                            SHA-256:2D7226137808E2A059A9EF929BD2EEFCD9F3DAC5C740855AEEC855C34A0D4426
                                                                                                                                                                                                            SHA-512:5F81752E6EC918D2CDEDF0BB7339952EEB764C9E825ECACDB413F33A0A66833B3455AA130E4C291C63E4AC9034031A2902996D1C5D7B44C2B8EA6B2C5560F578
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):579352
                                                                                                                                                                                                            Entropy (8bit):6.5967210076865594
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:7GvN1RaVaB3ct9DY6m0D0plE+Mb222+j5t9opFrybN1kmONjkvUY:7GvNiww+hMb2219opFrybN1kmONjkMY
                                                                                                                                                                                                            MD5:7A3B9C0DA3DFF00D6C1B2D925590C6E4
                                                                                                                                                                                                            SHA1:50D74C012A7C3F7436E244B4D92FBA3363473E7C
                                                                                                                                                                                                            SHA-256:4C99C47227265DF67F340A3A42BF0B5482935519801D3488AF43315141497C18
                                                                                                                                                                                                            SHA-512:0FDB7430009F884C0F59F6969E55FE592C1068A7CCCAF1767C6F4649104460DAF35C43B7F8A84D93F59DF941DF02BEA63DEDEA8DC777A3887085D9C4C42F4DD8
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):617752
                                                                                                                                                                                                            Entropy (8bit):6.365306354598584
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:m5iNe9qJewEisecAEJrt6D/vlDcjRW+puJtKbcn:m5iT41isecAEJrt6D/vlQjRWRJtKbc
                                                                                                                                                                                                            MD5:B951468C676A88FD291BEAECB742A451
                                                                                                                                                                                                            SHA1:AE104A9010B59194E0C795CCFBE64E1DE4507816
                                                                                                                                                                                                            SHA-256:3313FECB3D31417CD361D74163966ED29C6BAB0F608F76AEA2B29761C8C56706
                                                                                                                                                                                                            SHA-512:8C7FCE2D659153AB91EFFF25BA9C8850F8956BE6D4DECEF369B53ED2218D4111E8824FB68CDE720411571EE32058155A64FA6D7D1655D5BB85818C01EC25C865
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):207128
                                                                                                                                                                                                            Entropy (8bit):6.6689423827249215
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:VyrTSxfuvVlCcUfVVVVu1YFoT+V0y7DCcW1VoV+EoVKeUTP6cOAa2Md:UWcaVzuJT+37DOVorreUTP7Y
                                                                                                                                                                                                            MD5:38981F0FFD2C554C7E405C7453C9F5F9
                                                                                                                                                                                                            SHA1:7E9E36D8CA106ACB0C06C406F6DA670C0DBD7374
                                                                                                                                                                                                            SHA-256:63C9134D9C2F7FC96CCB7BABFDDB2737DA735A32FE9C4A0D2C7A3C7C2C639344
                                                                                                                                                                                                            SHA-512:7C6C298A8EAE7DD3F06A7C40901CDA888401AC86D09F49EA2061B593B97CA8A96D8D69716F4A9DDCDCFBAFA342478E1F49450A583FD1ABA58E7215EB67D2D3F3
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):102680
                                                                                                                                                                                                            Entropy (8bit):6.753605449946456
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:8Pv93vGQqmcKJbPhs4UZ2o4SM44VAajjHkzTNlEuWQ8OmHIpQ4GkqErw+4tmO6Xg:8N34mcKJbZCeAyDkKQ8LsJ4tmxXaMs
                                                                                                                                                                                                            MD5:F275329264A070699419C7D5571B90A5
                                                                                                                                                                                                            SHA1:3A51CF422374E11A7265AB7971D6985ABDACD366
                                                                                                                                                                                                            SHA-256:AD416F886B17E49FC55A1CDD64645A91BB5357983DB111A6B3F6A0CD0222C170
                                                                                                                                                                                                            SHA-512:DE23193179313171C6E2BD7CD23E811146412C975D8999C0C9464081884BAA9FC2FC52EB4201FBB68D80A9A89761E7D839C827E83BC6413BDAFE6D7D49BDA686
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):31070488
                                                                                                                                                                                                            Entropy (8bit):6.655668683463991
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:393216:MVbJv2NcGjFg23Xs0qUANf0//O5U0zvhkHxc3gSEkSa0Lpb/GdMX:MbKjHCkO5U0zpkHxcHwYdM
                                                                                                                                                                                                            MD5:05B9514AF25CF75B03F43DE6D96C5E9F
                                                                                                                                                                                                            SHA1:1BD340842820CC8164EA397E521960A9A892B941
                                                                                                                                                                                                            SHA-256:20CBFE3DEC890C0189C9487F2071696E7A483E6356B766DC4F6A2216BB1C5C39
                                                                                                                                                                                                            SHA-512:8E160C16CA02C160D82C6477D013E9EFC09F252AC5C43DC33A8CA86730B6D604B65CA2E76FB8C4D38333383C00ECCA9003838188F4E29B0C2DBDAEADE8E1AC0B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):5892888
                                                                                                                                                                                                            Entropy (8bit):6.443008829846382
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:98304:HyFLLyoBzl9R5Vr3jEx06Jz2kBtDR4BsZ/rSukHuCn73jTyReZZFloHEnKEECn9n:HyFnyoRl9R5lAx06JDBtF4BsZ/rSukH/
                                                                                                                                                                                                            MD5:40BC06BF950B02FC8F90C4D475B22D8D
                                                                                                                                                                                                            SHA1:38BAA2A2D32A0282EF60BEE0DE369D578143B546
                                                                                                                                                                                                            SHA-256:88F33F70D3F13E723AAFAB0319CA6AE3ACC17A593396F78B2814638D4124C5F8
                                                                                                                                                                                                            SHA-512:3B744FD9B7E0D6F10164DFA53BA362422AC0E8EFF53A2C910C1E5B7A1538B12F116A65E13EDF41DABB07874002773D5E904C14A8538533A6151CF0F25954B485
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):679192
                                                                                                                                                                                                            Entropy (8bit):6.515209418685365
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:9+T88wHM+RsWJWYYzVzJnCOO5/vY75Ash6HM+RAJgAniCkqm:9+oPHM+RsCRYGDY9Ash6MJgAgN
                                                                                                                                                                                                            MD5:50B756465A94C5F7321BB426BEA0740C
                                                                                                                                                                                                            SHA1:02805B98C397F3340553DFF718B5F45519DA030E
                                                                                                                                                                                                            SHA-256:722BF214781104DF41EE2EDC92B932B07FC9DFB6C60B7A2B235F49B737CC3B02
                                                                                                                                                                                                            SHA-512:D7608F21F3549DE6634E295AED77BF3F738D2E3DC84ED53DC74A50B6D231D104682D8B64507885E617F36FB99C15BAF350B985B89E756EDFA773CE6790A823D3
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2434328
                                                                                                                                                                                                            Entropy (8bit):6.265956298627825
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:DQ1VVA2kTpvTDuW8VNd1CPwDv3uFh+0nUx:DQ1Vu5DuW8fd1CPwDv3uFh+04
                                                                                                                                                                                                            MD5:3F307DA65A9EA8A2A4077793ED3EA683
                                                                                                                                                                                                            SHA1:17DBDBA7AC8C29D3E54EADA2CA51F6B3BA3AD42B
                                                                                                                                                                                                            SHA-256:2A697E118B5FCA7A445D228767E7976024F8ED00BEFE385B285885BE0677684F
                                                                                                                                                                                                            SHA-512:30A672DF6EFEDF4CD31BE5DDEE969E34BD4CA79665CEC24B4DD559424133A0C1A735802466C9028C3154CB7D733DBB0CEB15E4597C3BAADB67BFF7027F501CE2
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):515352
                                                                                                                                                                                                            Entropy (8bit):5.814347932090284
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:/J8sR6fYGsTRZ9vpHvG9ZiBgp/GidLzVaU2lvzXE5://Xsf8WaU2lvzXE5
                                                                                                                                                                                                            MD5:FF2683B115DEDBD238C80B3A7D776E6E
                                                                                                                                                                                                            SHA1:530C8D6B879806F6CE0E2FF84491A0AB37A16B2C
                                                                                                                                                                                                            SHA-256:E805797966BB89752DA2085DEEEF00873BEBB06197E2E0EF5135CD840045C016
                                                                                                                                                                                                            SHA-512:3458F28461B761B7BD7FA74344DC6DFEBACFE241AED18BDF4C2C8429B3A88B4D63B2F39EAC40464E0DD2E2EBADE3BF6A22E289484F875166A3D6390DEEE6A567
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):334104
                                                                                                                                                                                                            Entropy (8bit):6.680975375210224
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:BNfWE1yQKJdyKqIi3AhrX49fCWM1xiWs7hjy+NY9S+yCod7yHVWjtEjPFpHEP/nN:BNfWE1yQKJdyKqIi3AhrX49fsxuu89C0
                                                                                                                                                                                                            MD5:58B7277716A6812CC481D5BC62BF8D8E
                                                                                                                                                                                                            SHA1:49BFB0A2786386D70AA8B3C4CAD25991C350AD6A
                                                                                                                                                                                                            SHA-256:3FAC4BEB258BC6358B1FB5F138C62C53FD2A6EEF42CF7F243AAFE303FB950038
                                                                                                                                                                                                            SHA-512:C58B13B70A715A7F4AD73DE346B62FD7A6572D5CC7766979904023563E6CAE907DF40F4EA51C92219956128AF4CF98D8AAB975F4DD0404A369A4AF0ED84114F3
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):524056
                                                                                                                                                                                                            Entropy (8bit):6.610719737339322
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:Vvwyqf/9FGgiw8ed+wya6khNyY6DRmx51JT6cZijgkiiMiiiiiKNrrrrrrrrjkiE:VYLf/9FGgiw8ed+wya6khNyY6DRmx51I
                                                                                                                                                                                                            MD5:61039AA3B9B69ADD129278003C69ABA2
                                                                                                                                                                                                            SHA1:6A7EE14BBDAAB5001FD318B1BE7D7505EC602A9C
                                                                                                                                                                                                            SHA-256:732B526DF658AA22A1F38E51873600CBAD8C11050C92D9F9D1866847D77F3CA6
                                                                                                                                                                                                            SHA-512:103D01339E9FE8590C95C1085818A9EAAA161EF3DB490A03DCD7E9740DB03A58C5BE3AB48118FAA3A00AA04DCFDDDEE3F28E64E0FF05AA0512CFF1E59F9FB822
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):22808
                                                                                                                                                                                                            Entropy (8bit):6.651506432431069
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:zwmfOy4CLLTkOJFIQVgojDV7VIYiQ3SDAM+o/8E9VF0Ny0vd:Emf14CLnkAViYiQKAMxkEc
                                                                                                                                                                                                            MD5:6209B31C5BC27F4B116E3A8687C7C823
                                                                                                                                                                                                            SHA1:A6D7FEC24E0E9E3524C29CCD5AFD81E10DFDEFEC
                                                                                                                                                                                                            SHA-256:C7B92DCFC26AAD98D61610C34F507E147AFB36EA95D5282832A766A7C5E2787D
                                                                                                                                                                                                            SHA-512:9559BDF4D86E9C29162720E590E5C806A500519A1321F6AF63FA5F061737736BFAB8C04D56C4D7C506B67FA0D6DB18E74190ABA2D60179E2F475C4BE16E042BE
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):22808
                                                                                                                                                                                                            Entropy (8bit):6.652116338062216
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:EwmfOyUCLLTkOJFIQzRjDV7MIYiQ3MNhMNJAM+o/8E9VF0NyN1lOR:xmf1UCLHkADdYiQ4haJAMxkE5l
                                                                                                                                                                                                            MD5:C71620884143DCA41EF44CAD8C36F444
                                                                                                                                                                                                            SHA1:B5CC38FF1495D17FE99355592210A0312393C1CF
                                                                                                                                                                                                            SHA-256:E53AB2877112816B489490981FF40090B1C5F1372E10DB68F5910E1CE4BA4077
                                                                                                                                                                                                            SHA-512:2A7BC94CBB24C8D002247F2A677038E6CF2386788093183E1D0C524186CD4136C6D3EA8122C0D177C11734DF67BA0828149EA0DC2278028BC95EAC2FB39CF3DD
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):45336
                                                                                                                                                                                                            Entropy (8bit):6.159051703653013
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:u6EWL7brtn44Esp4/S3d4WiQCijG6FWd3VmigYOIlS8YiQvAMxkEx:TECrt4I4/S3dHFyyW1O/87Qvx
                                                                                                                                                                                                            MD5:5D8EE58FF601EB80F129A053161F8506
                                                                                                                                                                                                            SHA1:67BE3A9A570B87EA3C279CADEAECB7B220DC4A26
                                                                                                                                                                                                            SHA-256:47196A1F7A9E7A5C8B87996F65A229F4F89DAF50F0FC54170B15A03959240520
                                                                                                                                                                                                            SHA-512:B79440C7A904D1E74981EAB54E32C1A31D68E77A1F6E09DA1E862C28FACE79A02292E93291F06CE3360CD4E8F2DA80E48BB528C160E0FC8B6B11A74101BD9B22
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):107800
                                                                                                                                                                                                            Entropy (8bit):7.3326332611384215
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:Mn5VJM3T5szyxa9PuIKb8wmtyYVzH0cfNbQSi/GoP4YNjZ34d7Q7x4:MWsEa9GIdyAUKWeYNl34dM2
                                                                                                                                                                                                            MD5:C323D8F5D290C283E447DA70DAB925D7
                                                                                                                                                                                                            SHA1:EC94A830DFC2D3CFBAF9013252AE85A360DD6908
                                                                                                                                                                                                            SHA-256:F6CF3ED7BD6AED254365A3CEEF7776C6597D1B1E0970C3448A6E406105178D1A
                                                                                                                                                                                                            SHA-512:E4D05C9A6316FCFAAA6B37EC96F126BFB95F802E32EA0E2D3B31776001636444071B19D40793B7831D32E1249F4A05FF9CE874416C4B084DB16A7C0735D58F4E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):130362
                                                                                                                                                                                                            Entropy (8bit):4.60579511535411
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:9rmrlEFROJHshjRXELhwgUgVJDcqpFEnzPTE9ab2ATsoJcYbOQDfrP7:lmjJy
                                                                                                                                                                                                            MD5:92ACD7769E2EDA756AFB18746CA7F875
                                                                                                                                                                                                            SHA1:801DE8CCB30816A499EEB307B2077614C54FEB2C
                                                                                                                                                                                                            SHA-256:CFD36E262B2F28FC37088965CDC82E58F2D18CBF469242451B1CE7811929AA62
                                                                                                                                                                                                            SHA-512:A96D6249A5B6C23381012E88AA6DB5390FD180FE03E8F3D45C1AC17292EB2CC7135244A6AF474BFC63253A258F622739FF4203A3E0E020D2090077A425B52F6B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Hardcodet.NotifyIcon.Wpf</name>.. </assembly>.. <members>.. <member name="T:Hardcodet.Wpf.TaskbarNotification.BalloonIcon">.. <summary>.. Supported icons for the tray's balloon messages... </summary>.. </member>.. <member name="F:Hardcodet.Wpf.TaskbarNotification.BalloonIcon.None">.. <summary>.. The balloon message is displayed without an icon... </summary>.. </member>.. <member name="F:Hardcodet.Wpf.TaskbarNotification.BalloonIcon.Info">.. <summary>.. An information is displayed... </summary>.. </member>.. <member name="F:Hardcodet.Wpf.TaskbarNotification.BalloonIcon.Warning">.. <summary>.. A warning is displayed... </summary>.. </member>.. <member name="F:Hardcodet.Wpf.TaskbarNotification.BalloonIcon.Error">.. <summ
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):85272
                                                                                                                                                                                                            Entropy (8bit):5.825985821743684
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:8tshsMzA488PhOOUtUeOQiUDMM7o+fxrexgyn7ehoYfypP5JlV+ZkTjjuK4M0Enm:8Whs4A48AhWUehougjf4M0EnGlSCMk
                                                                                                                                                                                                            MD5:1DFA8600F8DD9D91E1491F37ECBE8B71
                                                                                                                                                                                                            SHA1:46B0B840F0616AF68F6491736D912E55BD2CBF60
                                                                                                                                                                                                            SHA-256:BAE5D1CCD2C00294995B851060A68D804BAD34A88F404F4A6334A391B682F1AD
                                                                                                                                                                                                            SHA-512:F896736C31D6CF533B55FCECFEB76BEB755475BA0270FEA5393AA96D227DC4E1482001655BF6A9419A7202E514E5414AABDD0EBE7F9E2D5F34335FD1A5D7633C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 270 x 141, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3792
                                                                                                                                                                                                            Entropy (8bit):7.887872121533211
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:K/ezW07/wGkJ1K2sSc6ajjoEvfeKDIsqz4Td3bY:K/ezW0rwGkLK2sSczoEnTqCBbY
                                                                                                                                                                                                            MD5:C0EB03BD8E13870C565F248DBE9ED151
                                                                                                                                                                                                            SHA1:0FA4A9C75226C7B2518ABDE64DD86A7AC763275D
                                                                                                                                                                                                            SHA-256:BD5B34736676BDAE09096204173C7AB70DCED1E2B34BF7B9FDBD1335FB27AEE5
                                                                                                                                                                                                            SHA-512:C7D15675F272DB28BFFDBEFAB6F8B701855865EF7FBEDC1F44AAF7A56227A9D5279D59AB00FDD30BDCD050C9D3C03AC0FC98E26D24C6F58FE3E628B6B400C2EA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 270 x 142, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3849
                                                                                                                                                                                                            Entropy (8bit):7.913354664814746
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:MwOPIaDxEIwm+R0wss6Vdxv53GW0etLNlUwgCLkz:M4wZwmu0g6jB5350epDUQkz
                                                                                                                                                                                                            MD5:D588CD052DDEF0FBE7445AF3DDA6460C
                                                                                                                                                                                                            SHA1:22A72DE52921597B37F39116F6DE38BD9B31E0BE
                                                                                                                                                                                                            SHA-256:4E9EBA27AB7A940105559D2E6C2C75F81D13DB14868E17FA510255AB90EE04CB
                                                                                                                                                                                                            SHA-512:8560B3BDF3CD428AFB9E23D734CF2609110DC1DB0FF9DA9D087AACB6C54F45EAB2DFA706806B192EFA0077F10B47FE44D34895A06DC07DD9963C40959C7E6EF7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 222 x 178, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3091
                                                                                                                                                                                                            Entropy (8bit):7.748757104260975
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:Ozr3tf7ZmN+YsCUvG6Xe0JP1nTcHxzcdDyk:Of3tf76RsFNP1TcHdcH
                                                                                                                                                                                                            MD5:762CB6652C46433C45923C206A084D36
                                                                                                                                                                                                            SHA1:17C7535D398938AC7ECE0B282F7DC2546671F88C
                                                                                                                                                                                                            SHA-256:2C2296A114FD628439AABF48407F8CD8E004EF050AD80738FF2153174826D839
                                                                                                                                                                                                            SHA-512:CF939CC195BC551719FA9908826EF8E9E5E5B594BFB2801FD96DD7C9FC1FE78438AAE101B4267B311268FE1E21140D61906EA7A94B8DDEA2AF5300F55159AED8
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 222 x 178, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3352
                                                                                                                                                                                                            Entropy (8bit):7.781478018163998
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:Hybzkz9CNucIWyG2QWoolFbISVkcarNQrFdQWr2LuU8NSuNyGwTCBPP:SPkXc/0tlFK/6rfQWr2K3N2GwGNP
                                                                                                                                                                                                            MD5:E1DC2FDCC0BEBDA25870370810AEC056
                                                                                                                                                                                                            SHA1:449DD99E8E57DAB2B3F7BDA5A526D9438216DDEA
                                                                                                                                                                                                            SHA-256:0FC418DF00D31D577D5118F7E99C521D3E9B34E3E2B018ADF6BF196E2CFC6BF6
                                                                                                                                                                                                            SHA-512:89D3B1549C0FCC051BF8D742E3878CDEEC41B40C9605C1E24787C7033F56579A33F5FA9F22BB9B480F0D5D2DCC3C325B45F7D5B565120E87BDFAD096588EEE85
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 222 x 148, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2663
                                                                                                                                                                                                            Entropy (8bit):7.8546722798230695
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:bloa1dM5gHSWa2YbzMdWPT9AVVgDgbgpHUE527KO2l/+Gv7xM+kqWiAVs8GD:bloaXMqyVFbzLPT9ajbREc7KO29JM+kM
                                                                                                                                                                                                            MD5:595E7237E9B0781E215FF9AC84277812
                                                                                                                                                                                                            SHA1:3892A426B859C01F72AE5896D0EABB8EA880D2FC
                                                                                                                                                                                                            SHA-256:E55EC67772DD38BD805FBEF833D89E9D59AB60C5A6FF5C5D3681FB18B57CF254
                                                                                                                                                                                                            SHA-512:A727B47A9D82FC188E337B7B6B431542001E018282DE835B15EEE0B039D5F68E35FE8E99D50CCC2B22D3F26D09706A3EC36B1D62141F44186BF9551BC9DA75D3
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 221 x 148, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3184
                                                                                                                                                                                                            Entropy (8bit):7.8630900763236635
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:drWWpxOzppKlElCWBUd1ag5x1FgtWOrfZDGvNXGVruN5P19aLRFzsIMaXB8cbjbw:5WWiq0IqgrgtRRulGxY5P1Ozs8xVbjM
                                                                                                                                                                                                            MD5:F9D12845496D41C905CDFE83184D5FE0
                                                                                                                                                                                                            SHA1:C944C50F5F18733EE9B14AF920B82C520BEF7413
                                                                                                                                                                                                            SHA-256:4ACF83EB735FE18D1F966B6C041E1F21645CA49E98688AD7DD3B62E75B8C159F
                                                                                                                                                                                                            SHA-512:74177A75F62ABCD2A4180DC548BE047C5B48A647D4256F9C8CAC747B4F6C6B9FCFA35F88AE5A3CE954D92A06A992FD573761409F989EBA1BD4A0A145C4734518
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 253 x 179, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2772
                                                                                                                                                                                                            Entropy (8bit):7.851913113424136
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:G+UxoQP8H/vKEr5eICimez65udPQcAAWraa1laOfe+aAbJjPvtuJRXXvjkkDP2Fk:GH+RH/3eICimezGudPQDraawD+aAdNuB
                                                                                                                                                                                                            MD5:74A7E29DFA61300BE1EFD9F16511C472
                                                                                                                                                                                                            SHA1:D4D077D4F160C4BC1F8A783A41BF73C3C90CF473
                                                                                                                                                                                                            SHA-256:70301841B123395675665F7B9A4A95ED658E6E499655C9B9F9123B11B6C59271
                                                                                                                                                                                                            SHA-512:A6A661850B4CD0D71543B38D87F0B65C8F6D76CA0F497267927B9D5740A415816C94EF3AA5062545570F9988503C0A2CFF9BF6978D0C3268E32F034F7034D5DB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 253 x 179, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2861
                                                                                                                                                                                                            Entropy (8bit):7.836636045012349
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:G+z4CjGMOWHLHvpYObJBFm2V3qgnUcfyGXqyvZYRjKiMWmj/iIklqF7:G69OyLSeDhqwUc5Z7WzqV
                                                                                                                                                                                                            MD5:925415B41EE4AC0784F3303E037ABC1A
                                                                                                                                                                                                            SHA1:F2D643686EC728B8362FEC0CABB9A2F3D815CC1B
                                                                                                                                                                                                            SHA-256:0B048F9F820EE144C174A80E36D8628778C2332D625DFE6F73E42BADA6772DA4
                                                                                                                                                                                                            SHA-512:961E67F904ECE58E0A65D9F7035DD3F892087940AF33713D8E1BAC99F30853B472272295A1C9D6FFF92D404E048CFA9BC74A8D2AD5BA6BC5C2C17EB58F00A4D5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 270 x 180, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4883
                                                                                                                                                                                                            Entropy (8bit):7.914101756064351
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:b6A83M4XnLKWlUDfwHhm5n3/eDsdVqDXVkaEcqVsvTywA2RTt9I/X:2gVUUDfUm5veDCyCXc+svlAuD4
                                                                                                                                                                                                            MD5:DA5EB66ECA9B3E5F4F445D3B619632D3
                                                                                                                                                                                                            SHA1:86937DB672C9C0EBA708E7AF84973766328B69D6
                                                                                                                                                                                                            SHA-256:810918B484FBDE0576A12C3C69B15EB429038241D7A73608C2A3C276859EEA12
                                                                                                                                                                                                            SHA-512:FE884FD67472D7C3D59280CBBB4923939407707F7A91022B9EBA3F817744793F948D435543F23B89398E94CBE16394FD2B24E0232A869351A2F892C6F03850C9
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 270 x 181, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4970
                                                                                                                                                                                                            Entropy (8bit):7.918801585601483
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:2r4vQ7uUlkbxDAzBD0YjfvoJUCHbE80PClwBTwxcZWty:64v1UODmBD0QvoJUCHQ89lwBTwKOy
                                                                                                                                                                                                            MD5:806C821E92A332E9027999A80CA6951E
                                                                                                                                                                                                            SHA1:5365566E77705238BAC426A2E396B83C54976049
                                                                                                                                                                                                            SHA-256:384A13D89ADD5A0144C9722D3ABA7893E45B4495E800DF557BDE5C7E84C8B792
                                                                                                                                                                                                            SHA-512:75D771C510758D7F4B2A75980040ED74326B63F2CE4BE8524EC4CA10E3C083FFF176A95E909A812A122043461F3EF1F5DE98027A704021B7C06D8D71241794B0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 567 x 129, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):6725
                                                                                                                                                                                                            Entropy (8bit):7.937534717511396
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:2+EjDf5Uv6WEYBKP/Biu5os+SCxOUOKUWpo:X8DfBOKPJhUxZG
                                                                                                                                                                                                            MD5:48EBA9C316231F11C1998893BE69BF0C
                                                                                                                                                                                                            SHA1:90A3A211DCC79071BF2578B141741249A04949EB
                                                                                                                                                                                                            SHA-256:25C37F6ED819BB05A22FA1846618C7D54C78CBAD856E03E71FB1CB5939FC3B19
                                                                                                                                                                                                            SHA-512:3C12AA33D1701FD3CF809B26DA8F64D776C23C2C9EF5E91E63E2C922B558407DA71629E9BB5BFF58777A3220E16A91BCFB0CFC10D52E3F86D598A74738E03FBE
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 568 x 129, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):7061
                                                                                                                                                                                                            Entropy (8bit):7.941053016684348
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:66peFSyCa4BGXRW1KccnFMF+0okbJMElBFIn19Bwsg:66pq/XRW1KluvlB21fwsg
                                                                                                                                                                                                            MD5:8D0FC1A1FCEB9CCE3A3BFE72EFEA4472
                                                                                                                                                                                                            SHA1:23EC34BDEA36CD6DDEB3E1C01B64BFA116E8E3F2
                                                                                                                                                                                                            SHA-256:22409C98257A8C94F09200884ABAEB688948F1F5381E493D39A06802432805F8
                                                                                                                                                                                                            SHA-512:FA31F204952C8EFF34F4F2AEB913926577DB49FC15DBB9A1D7A65D4E8F6E7DC485DD231ED65FECBE6DAFC8373902780605CC5D370A1B0FF6F8D024D3534F07E1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 563 x 325, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2540
                                                                                                                                                                                                            Entropy (8bit):6.029624423166828
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:3JQDjGsqI+5N/34s0edxb3Q2CjQRc0Yp2TsooCHasqh8nqbEDlOK:3ls65h34sHxbQ2at0Y1ooCH5iIpOK
                                                                                                                                                                                                            MD5:5D31BEF0D0FB9881CC6B132DE1101745
                                                                                                                                                                                                            SHA1:DF96187E5237134AA9DCC93CFAFA66627357A287
                                                                                                                                                                                                            SHA-256:49E3EE10632BBD9A521AC129B83A6EB212AB2A3113F0C8FD1F8956E3B4436231
                                                                                                                                                                                                            SHA-512:635B7A45065F9CBB97FA1A5FB12C1825DB39CD2E92B84F432D61259F92B68A33168A81A52C9564EA8E5461F9449451494C6583D734ED7F8AC5DA5CC899A6789D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 564 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2534
                                                                                                                                                                                                            Entropy (8bit):6.187458781872805
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:nPbQUi5pmkex74IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIU:nPbQUN5+IIIIIIIIIIIIIIIIIIIIIIIu
                                                                                                                                                                                                            MD5:C50A9E7C951E3A00869A77173F05C5CC
                                                                                                                                                                                                            SHA1:C308112B2685F993BC89D0FD242566C09C902A1E
                                                                                                                                                                                                            SHA-256:3937FF6FD2AB14A64E1E71D209BBA6D6CD26314BE2A0A048F181F06FAA435C8A
                                                                                                                                                                                                            SHA-512:B94FE6BB48F097D8CBC4EF6AA24F3F9B04629807FD826D0CF77F25FA1792ADF9D391D5738F8A346D13E768EBCB96BCE5FACEF4868382A1F847008F3F845801B9
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 418 x 41, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1018
                                                                                                                                                                                                            Entropy (8bit):7.592402450098522
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:MAaGMBkeGB0mVARASA51bFEgiPBQ4XRUoo2NKh/WN:hXMke05yA7bugIQ4XvooY/Y
                                                                                                                                                                                                            MD5:7374E2A43CB40C3A927B5F9959149901
                                                                                                                                                                                                            SHA1:111FB872A39B6C082CA43CE575178461BB594530
                                                                                                                                                                                                            SHA-256:9E3493FC9CF003474CC8E2E65814F3BC1FF8821C9E18F975B2B62C696D12FFE9
                                                                                                                                                                                                            SHA-512:3BB01E810E49DC70008CFDC4471F72BFBD81E924B652A096235F2105965B22397DCA8C55EA9326FD6DFBD9DAB216D9D020E36AE1E96D8990E83B6AE86F013520
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 418 x 41, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):992
                                                                                                                                                                                                            Entropy (8bit):7.535009718254115
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:z8BxQe0TePO+8NiLc0Q3BvRbFsEFZ3DmyUaO6qtV5:z8B0J1Ocf3BHsUDm4Cd
                                                                                                                                                                                                            MD5:14FB74503A226AD44EE05F6B3ACFCD48
                                                                                                                                                                                                            SHA1:A6A941D05179649E59A009D62F27CFD795B3198B
                                                                                                                                                                                                            SHA-256:F25EB99C02CBF3FCEAA3A5A6CB246BBFE26FB2662936CAFEBD9F8CDDE005151F
                                                                                                                                                                                                            SHA-512:14F19438DCB85E157C6C43B2F19B76E172C0BCAB6D3B4EF26B55FD696B8E4B27197C6854718C9DB9F9B7D4AE1A62DDA03EDD8CAFCF869AEF0BE3F9DFD84A2B22
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 403 x 849, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):85416
                                                                                                                                                                                                            Entropy (8bit):7.9853531268658555
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:wAvvK0847tDGOXl9CCdAB8C8uzhkKM+010k4lzyUOAManqZtq0IKJLf7+92:RK0NtyOuWA/2S2UGaxozm2
                                                                                                                                                                                                            MD5:6428081514C762235484B78DE4D3FB53
                                                                                                                                                                                                            SHA1:5D2D5F71B6433BB46704D795BF49815EDD8A0223
                                                                                                                                                                                                            SHA-256:5C21456B22595F128A2C6303D966E9A8AA9ADF0D34C2B5C578559EFF15DEFDC9
                                                                                                                                                                                                            SHA-512:49EC94B13B2CC0E7BAF12D737CAC3CADD7AA83A9CEAD2858E5A8E2E9FD0D6C0783FBAF46BF7E64DF375970A1A4B434BDACDA046CFECBBC19954B9668E67A3C88
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:.PNG........IHDR.......Q.....&.Q.....pHYs...t...t..f.x....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c005 79.164590, 2020/12/09-11:57:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 22.1 (Windows)" xmp:CreateDate="2021-04-30T18:27:17-05:00" xmp:ModifyDate="2021-04-30T18:38:34-05:00" xmp:MetadataDate="2021-04-30T18:38:34-05:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:6352cb88-8d2a-e149-8d10-7cffae4a6cae" xmpMM:DocumentID="xmp.did:6352cb88-8d2a-e149-8d10-7cffae4a6cae" xmpMM:Original
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 1000 x 813, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):42674
                                                                                                                                                                                                            Entropy (8bit):7.840543790213694
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:U26KcWAxdOTO5c83tmMuc6Ewb9rrRLO+Pn3SDMyYdevWDXCF6xLF6+Svm/GdFa/5:UxnWAPOq51ki8g+PniDMTdevQSF6xLFt
                                                                                                                                                                                                            MD5:6945E1DF586C00BA686661631EA1CB04
                                                                                                                                                                                                            SHA1:9CF569943F5A14DCF9E7EF19782943A4E92A080E
                                                                                                                                                                                                            SHA-256:60570553A0DAA7FF5A0D913A35A80CC56EB902DE30A6B9167915E996382B1601
                                                                                                                                                                                                            SHA-512:DCC29BE2CB686FA00B68CA2449A693CB6DF4B7E15B6C8EB2B79A84044DEC9243614480381FB7E5238780E9E98293286293C8632AEB1D1F77BC705E1C5E4FFC2D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:.PNG........IHDR.......-............pHYs...t...t..f.x....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c005 79.164590, 2020/12/09-11:57:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 22.1 (Windows)" xmp:CreateDate="2021-04-30T18:27:17-05:00" xmp:ModifyDate="2021-04-30T21:23:22-05:00" xmp:MetadataDate="2021-04-30T21:23:22-05:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:6f655927-aa5d-0948-a8ff-3c5aaaecc992" xmpMM:DocumentID="adobe:docid:photoshop:aafcfe97-a717-7d4a-bfba-859cc33b877d"
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 1000 x 813, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):49327
                                                                                                                                                                                                            Entropy (8bit):7.888483310268996
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:HKKfW1CdIvk8YKDoAOA+MkG0VVHi8q7Fixi4xgBd56CR1ek8UFJiAEb:Hu1ebfAOA+HG0VtqEuj58k8qiAC
                                                                                                                                                                                                            MD5:204887D32D0D728E2E72961501142C68
                                                                                                                                                                                                            SHA1:3331B0FC1D18CD8C3CAD8AD69F8D1DD9CAA8B8A4
                                                                                                                                                                                                            SHA-256:044AFB54D6FDD785AD82B34E4D8391FB58A1BD231EAF18CB5B3D2952F123DCDC
                                                                                                                                                                                                            SHA-512:FA769DA9C79726E64B0EC58CF8B717BFC34A4F392FC9974369200448CBC266440BBDA4898BE3E9BE3FFB5BA16FBF47600E910C587A6CDDC25CD971CC60FB8D7C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:.PNG........IHDR.......-............pHYs...t...t..f.x....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c005 79.164590, 2020/12/09-11:57:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 22.1 (Windows)" xmp:CreateDate="2021-04-30T18:27:17-05:00" xmp:ModifyDate="2021-04-30T21:19:08-05:00" xmp:MetadataDate="2021-04-30T21:19:08-05:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:e16fd676-4704-dc4b-8de9-f5a093460ec6" xmpMM:DocumentID="adobe:docid:photoshop:8f014ea2-b541-b44b-a065-a8feef2455ce"
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 128 x 75, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):476
                                                                                                                                                                                                            Entropy (8bit):6.572841577492603
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:6v/7+/3UNBHPKNU+ZlZlZFpGOK+uf81ZlZlZFyHrK1ZAm8:6Nctbb7pGcufubb7yH2Lg
                                                                                                                                                                                                            MD5:0EE2D0A6EA0FF374B16A61691601C046
                                                                                                                                                                                                            SHA1:9267376FBFCD392CE6E45CBF33C814F4B22E9651
                                                                                                                                                                                                            SHA-256:C75D0A805DABE8DA0C642883DA48509B0DA1A1ADA39472A77271A5BC5BA046AB
                                                                                                                                                                                                            SHA-512:B3926CEE6A6713FA4F5897FFDDE188A01A2EA98CF19CE1E1337EC17E1AC6BF951F63CC2BF3951664EDA0630131142BB57017094D72945F31527CBC5767CFB752
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 128 x 75, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):491
                                                                                                                                                                                                            Entropy (8bit):6.790559557465972
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:6v/7+/EOJqXZdqBqyQ85+BNFaFIAhRMQS/uMlZlZl7Jc:XqXfqV4BNFShjSFlbb7K
                                                                                                                                                                                                            MD5:A7F065CC49B62671D1F7A0C559E805C3
                                                                                                                                                                                                            SHA1:DE343398B2C64DEFBFCCF09747D4925F79509439
                                                                                                                                                                                                            SHA-256:10B9791E40694B30A4645B8841A31F7F16DFF84D38C31F5423A4250E1EAEFE49
                                                                                                                                                                                                            SHA-512:6DBEBF11B04E5FF8C9C5F7A3B3B4F1572211E12A1FF499C0851E7D25F572C22C53A176FF685D7956E14ECC7ACAD6BA27CC5C951F7FBB19C2A53E5911F7131623
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 601 x 74, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):6635
                                                                                                                                                                                                            Entropy (8bit):7.956737759715022
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:rTOgkGBqPdihCpS1zTXA+x8vEIJ+7kXo3maupCIa:rnkAqPdmCIJXALa0P5a
                                                                                                                                                                                                            MD5:64EFA7DC6B94CE461FD8B8E348A28B05
                                                                                                                                                                                                            SHA1:7867140BB930F7ABE83EBB66D731141C4ABAC20A
                                                                                                                                                                                                            SHA-256:EF69AD54F09D3223FEA10E0A8BBB71E31100078A87E095EB0CC9748906B3819D
                                                                                                                                                                                                            SHA-512:AB9D0ACC714A212F20A7B97C6F798C507C42098B9A65FB03BE0A3D197F72D06762A892DDFB1375D456D16EE2BB58FD81E2EB19F257403EFBEEC7A273EE2D428E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 227 x 180, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):7228
                                                                                                                                                                                                            Entropy (8bit):7.96362266301775
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:kOt9w5kl1xpeQHWHAE5041RSdw5E4aee6AARfYIflh9M4Hzfaa+rstb1YpjT6s:k89wql/QaWpRSdc8e5/j9LaLrsMpjT6s
                                                                                                                                                                                                            MD5:04EF5899D53A2AF4D87EB161DDDAE312
                                                                                                                                                                                                            SHA1:EF05428FC27D5DA6EA9DE6B4E4FB0CFF0F7157E8
                                                                                                                                                                                                            SHA-256:B8CCBC29B65B34C4BB7CE5E28FB0AE48CF499D45BCAA39BF7DA25C01D840378A
                                                                                                                                                                                                            SHA-512:4341AE9AE239CC27EECFFA6117137F702D741A2A6DA6D1A89EC80813FC3ADD7C6D7F54751160786ABA657E7E84B67ABB25336A1821CCD615484AC22C2994254C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 227 x 181, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):7176
                                                                                                                                                                                                            Entropy (8bit):7.958435392585551
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:1d39ffDdaSaHiWIKhJdof02esUeFEOTqzMBu7xDRs5:ThRGH4KadlXqcqRG
                                                                                                                                                                                                            MD5:3381A6F3CF452721366507045E0A9DCE
                                                                                                                                                                                                            SHA1:BC91156986104AE4794CCA4F63D68396668B4DCB
                                                                                                                                                                                                            SHA-256:387D53BBD452C6CA18D0333D1D754CA8049621A6C9CB71ED82AA053DD95D1663
                                                                                                                                                                                                            SHA-512:DDCB94DB1CC063CBB04B030F726F87C778182A6CFB76322E263C3D53635CE3F2B45B13A635AA6BB9684E84459B651AEB20FB70E777E0442DAAD39A9436437B33
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 272 x 202, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2605
                                                                                                                                                                                                            Entropy (8bit):7.7402023981882175
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:E+1u99QkCU8QSObjAzrOZzzx1EJ++YwO7sdcXvfpmR3akAkAkAkAkAkAkAkAkAkO:E+1u9sU1jAzrUzQJewOW0nUapppppppj
                                                                                                                                                                                                            MD5:9E53C56B516DD54749FC05768098FFA9
                                                                                                                                                                                                            SHA1:917DE4A8D10A862016D223859F9624465C45737B
                                                                                                                                                                                                            SHA-256:E07E38B0B90360D8FC316E37436E94D7692A02E500C60A0064C3DB22AF3DE49D
                                                                                                                                                                                                            SHA-512:AFE46AD70BBF82188C85717EC581077C1667361181C99E03A176CD54761D629B188712A29BD88FA8AD796CA5CE5EB4E314D78146E1E6AFBFEDA59DCB5AEF2870
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 272 x 201, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2609
                                                                                                                                                                                                            Entropy (8bit):7.751935570594546
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:rWJfP2n18fIq36wA1Y3S0XCi+OsmgV7iQKeApLzuVcaaWhq0OIsHZc:l8gq36wYYNr+OsvxiR5Zgc1vIsHy
                                                                                                                                                                                                            MD5:8BB5D9194F9AE840C1EF54C02C43FE99
                                                                                                                                                                                                            SHA1:96EFAC9879BBEA22C1EA2FFF18B1F2BC3E4594E1
                                                                                                                                                                                                            SHA-256:D07F812BD5236CCBFD9217C6AC267DE941D006641ABB3531BB5149DEA9E17743
                                                                                                                                                                                                            SHA-512:F22625D9C3FEB679DEF5E0AB3C92A5EBBB255CC7F7AF419C69C323F85B8203776F4A1530927FD8B6BDC9824328510F20DB752B2EBC3F862756A5BE707CC1E15D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 1000 x 1000, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):69554
                                                                                                                                                                                                            Entropy (8bit):7.876398312717814
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:EoeNeq0IAahqMnkW45preYA7eVyQud3ce/XjG+7/p:w/DHnF6FcJJJB/j9zp
                                                                                                                                                                                                            MD5:C6A33864468BF8E7F43B4BBB8DBCF83E
                                                                                                                                                                                                            SHA1:99F18AB1F88249E2D184E2ED09111E6DF849BA57
                                                                                                                                                                                                            SHA-256:BFD7126FBA79119B208374700733B636EBDE1E03A20F0D07757181D59E8DBB9B
                                                                                                                                                                                                            SHA-512:BD4CA6DF1BE8046AAC755F9790AB0E02A7692D18C6F9341227CF1A2E013C54BEB1DFA66F5F5C31D46E18D3CBAE077950C0034B88860D593ADD0FC7B0DE8C9493
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:.PNG........IHDR...............C.....pHYs...t...t..f.x....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c005 79.164590, 2020/12/09-11:57:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 22.1 (Windows)" xmp:CreateDate="2021-04-30T18:27:18-05:00" xmp:ModifyDate="2021-04-30T18:45:01-05:00" xmp:MetadataDate="2021-04-30T18:45:01-05:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:c433aeb0-0a69-0043-ad67-aefd8a1b2e97" xmpMM:DocumentID="xmp.did:c433aeb0-0a69-0043-ad67-aefd8a1b2e97" xmpMM:Original
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 155 x 136, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2340
                                                                                                                                                                                                            Entropy (8bit):7.846633957982799
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:EtDfZuMXtRcFH05EWPCLp60Q1/cb/oem1aHUPaGc4e4mwm:EtD48bcIcp60Qh+/oeCC7Sm
                                                                                                                                                                                                            MD5:6050EDE0EDF86C0CB1E93000FFCB627C
                                                                                                                                                                                                            SHA1:A28E3B8C5344F1D5DD145B9BD80F2E3655798350
                                                                                                                                                                                                            SHA-256:020E19B7DC88FDE6473BF002ED65622808C5B77D50B273A81AEF7E287FC950DB
                                                                                                                                                                                                            SHA-512:371283937CC3606ED899C1FDC8817E43B9DBF0263D430B83D87153D3844985F9F5AD1471AD240748BC227A420BD11CDE75A1FACFD8E8E0EB2615E8B507D5A074
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 154 x 136, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2267
                                                                                                                                                                                                            Entropy (8bit):7.8636669830835295
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:7I1s/0OuyGJQmNgm5xazmEtY3r3JIS2aS1LvYX7BIG1Ayejzj:7IK0Ouye/azxoIkS5AX7BIa/Azj
                                                                                                                                                                                                            MD5:11BAFFF191DA71749104B9CCBF5FBAD8
                                                                                                                                                                                                            SHA1:BA6CB42E95FD177C5DB06A74B93CD0FD5AEFBD49
                                                                                                                                                                                                            SHA-256:1012143CE9B9009DE27EC83417BCB290998EC1D47642226755FE5BEAF018573D
                                                                                                                                                                                                            SHA-512:427D6CD7F71AD26C07590641BB9F31240C71FE7415BB256D1EB882AFFB13EC34D30835C8DB27924D5A44AD97677004FB2960B93BB206E3FC484E8A4196A47831
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 720 x 788, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):66299
                                                                                                                                                                                                            Entropy (8bit):7.961523068971229
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:yaDvYOVbQEQjKJXDVCf7P/2qzYzpsL6/ET7B1d51pDKx4vnE:xDgCbQoJXq2wYzKzBnBGanE
                                                                                                                                                                                                            MD5:C63418D64D9F55FAE8983BB8E3390F22
                                                                                                                                                                                                            SHA1:EFB964CC281188199E67377EEF79915A2F47CA4D
                                                                                                                                                                                                            SHA-256:C7600F818D52DA2291188622BB31F89FD7C6CA5BB724BB75562AB80F8B380DA6
                                                                                                                                                                                                            SHA-512:593B13021E2F772299B48E5183ABF832237AE083124F34FDE0AB3B2FC90C163FD0886142AC4271455917713D92002F0249F6415DFE4056581500C648C2E665D4
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:.PNG........IHDR..............;......pHYs...t...t..f.x....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c005 79.164590, 2020/12/09-11:57:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 22.1 (Windows)" xmp:CreateDate="2021-04-30T18:27:18-05:00" xmp:ModifyDate="2021-05-01T12:58:43-05:00" xmp:MetadataDate="2021-05-01T12:58:43-05:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:4fcf30c5-2837-6d49-9228-8aaf4ce449fe" xmpMM:DocumentID="adobe:docid:photoshop:1e58d27a-8eb5-7043-9c25-a23e0fa28b76"
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 720 x 788, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):225205
                                                                                                                                                                                                            Entropy (8bit):7.988659019849531
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:YzOPygYSjCzPltsEGUW1k+/5C8fBRNxPg3otp1xUxGQ:Y69azP49UGk+/bZRNZ4DGQ
                                                                                                                                                                                                            MD5:0B24AF962EFB65CF9D84D32F1051CB7F
                                                                                                                                                                                                            SHA1:AF93286939B3ED2FB8B4281E80A0616C2FD850AD
                                                                                                                                                                                                            SHA-256:A5C3F258AA8BC1B5113F9EE3EE68C0B494C0396DF89E64BA397809E5BAB98127
                                                                                                                                                                                                            SHA-512:29F3A99E33467CF3E92AE55E1CBBA5A0F8985F159F0A5583266CBA7AB66CB78F91D95D0AC97329835939290464CA2696EE339D65B79635D00481A4358BE88B61
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:.PNG........IHDR..............;......pHYs...t...t..f.x....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c005 79.164590, 2020/12/09-11:57:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 22.1 (Windows)" xmp:CreateDate="2021-04-30T18:27:18-05:00" xmp:ModifyDate="2021-05-01T12:53:49-05:00" xmp:MetadataDate="2021-05-01T12:53:49-05:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:ee909eb4-bcc6-cf4b-b832-a231bec47261" xmpMM:DocumentID="adobe:docid:photoshop:57ed1941-e4ee-a143-aaa6-82c889b5b586"
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 996 x 822, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):62003
                                                                                                                                                                                                            Entropy (8bit):7.882536706934873
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:DmQg8L4uOc2ALn9mKqYFrUjGE3ztVfasP+tbrpPS+plZ8qHK8mUSGlxGt6uu1ibH:Dm64py9lqYFkJVSV/YqqL8lwtnuMahb4
                                                                                                                                                                                                            MD5:33DEF4334217F9817B543EFE2BD011A0
                                                                                                                                                                                                            SHA1:A856001007EFA1275E2564B86640A376837C41F9
                                                                                                                                                                                                            SHA-256:6122D3A1745C83B68B99C595EB0AE24FCD06C2E1FA74F3AA67CDB2088592C796
                                                                                                                                                                                                            SHA-512:FD78545900E479353304D07B46CB5DF55822324A38BA717715C9C84DFCFAB16761D21A337D0B1C9420FC79C1C0898DA425F8DBDFE3F3FC306F5550EB21D778BF
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:.PNG........IHDR.......6........b....pHYs...t...t..f.x....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c005 79.164590, 2020/12/09-11:57:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 22.1 (Windows)" xmp:CreateDate="2021-04-30T18:27:18-05:00" xmp:ModifyDate="2021-04-30T21:10:30-05:00" xmp:MetadataDate="2021-04-30T21:10:30-05:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:13569480-ea61-a44e-b054-8352c2def7a0" xmpMM:DocumentID="adobe:docid:photoshop:766ddbae-3d8a-1743-bad8-2c7d64d35992"
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 996 x 822, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):260289
                                                                                                                                                                                                            Entropy (8bit):7.986983765173423
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:Mituzb/ztF2V+J5d1/05VU2I7V96Kfka4L1+Q1833P:uv5QV0t0k1V968a1+QuHP
                                                                                                                                                                                                            MD5:28CA09E17FA6D684172BE70F5E88D5DD
                                                                                                                                                                                                            SHA1:562FEAAD833907F1ED1F0BE6AD54B3AE7A5A1E01
                                                                                                                                                                                                            SHA-256:54F0D37EED8C9CF43C71E168FA31CE0E58579C40B08C594B1C19F044FBC460E7
                                                                                                                                                                                                            SHA-512:B4CDFB8CB2BCFA19258C118C839947CAC2582A9201A29DA2C7E5E14B8CCA8D5BB49B035AF505CCD145FA8926C79B7CCF042D2948A21A76AA84890C64FE12E049
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:.PNG........IHDR.......6........b....pHYs...t...t..f.x....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c005 79.164590, 2020/12/09-11:57:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 22.1 (Windows)" xmp:CreateDate="2021-04-30T18:27:18-05:00" xmp:ModifyDate="2021-04-30T21:16:24-05:00" xmp:MetadataDate="2021-04-30T21:16:24-05:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:9cba2451-d985-764b-93b9-d14c63061ffb" xmpMM:DocumentID="adobe:docid:photoshop:5d86836f-d0be-2a49-a299-386e92516686"
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):330
                                                                                                                                                                                                            Entropy (8bit):5.119426182542363
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6:tccGS3mc4slZKYnic4sFvQoEGlBMfqGqR3laF4SK3lNkADT/HD38:tcFS3/KYh93Mfq93ladK3lNbDzHD38
                                                                                                                                                                                                            MD5:0C7F014CE9B23358D00BA953D9C44CCB
                                                                                                                                                                                                            SHA1:DF1752C78BC6BD78615783C512AA81302FC14D13
                                                                                                                                                                                                            SHA-256:A0F75FFC5C685A770D776661D354422DBA9DC17AA84885F6F35DB82106A7DF67
                                                                                                                                                                                                            SHA-512:3DEE488FA25CBD4F2DC6CB789D4BF29E48C1CBD320D6DD7CFF92042923745D868C4C0580B9FB499BB4699D7FFC6AC2D9FA80EC4330F8C8B4B685E9E4AE21373B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<svg viewBox="0 0 96 96" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" id="Icons_HamburgerMenuIcon" overflow="hidden"><path d="M11 30 48 30 85 30 85 18 11 18Z" fill="#FFFFFF"/><path d="M11 54 48 54 85 54 85 42 11 42Z" fill="#FFFFFF"/><path d="M11 78 48 78 85 78 85 66 11 66Z" fill="#FFFFFF"/></svg>
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):8329
                                                                                                                                                                                                            Entropy (8bit):7.832751646585658
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:nbj4rMvGOipjk7J9jjUkgTmdo9jU83jbZOwlVbDQMcYR9qH2Xo+c:nNe3k70adoNU8Tb7DbjR9E2Xo+c
                                                                                                                                                                                                            MD5:164EAD314AC3D2E989D23C9A2BF92509
                                                                                                                                                                                                            SHA1:01ABDBF23F0C579C8E7BEB94326EB0EC893DED2F
                                                                                                                                                                                                            SHA-256:188604E0436236A03272350C27A8E6EF96EDADD7E89F35975369F446A1D9DC82
                                                                                                                                                                                                            SHA-512:3FF029EE8321A2F333FB708FE5109CB86A97C5682C6FCBB558485E866400E5B5E9F901062E931CD37FF4AF5E6058FD8A9B72E9C7C59712541009E0278A068873
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 135 x 176, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):12500
                                                                                                                                                                                                            Entropy (8bit):7.963895025939282
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:puDCg3GXRy+I3dfjFIK6Sdg9cA0g5LWqsjtT:vg3/trGn9cAXW
                                                                                                                                                                                                            MD5:DDC8FD60D7AC9B0F5B4A31F85941D910
                                                                                                                                                                                                            SHA1:D178CF17269863F9D66564BEDB0501B68B788D0C
                                                                                                                                                                                                            SHA-256:DDAF21F47792E18653DC4737562F0A50704D29C165FC6B0D79BACFFB52235032
                                                                                                                                                                                                            SHA-512:F2EC43E66913D43594326E08FC4D196561B6125B71E74A9158A1555458B09BA3B9B2633C53117FC65B614ED63CE5C16FC93713ABB10F29884271FB677245E5F1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 139 x 139, 8-bit colormap, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1175
                                                                                                                                                                                                            Entropy (8bit):7.6598667385130375
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:IAh+4Jr4fJLlxuQNJzPaS7ABIijx++53yyqDb2BBqLjWN4:IA/JyLlxrzSGAFL53Vq/Q2jJ
                                                                                                                                                                                                            MD5:E9FB3CF8B34D6CFB76978312E8B1D0AA
                                                                                                                                                                                                            SHA1:69382962C0C236B16B4153FF66F81241B4EB0508
                                                                                                                                                                                                            SHA-256:38CBCF4277F5C062906535018C6D5BB9DB86C1B90C1090CDB39C0A4398C86D93
                                                                                                                                                                                                            SHA-512:CCBBC2B407D7742BD7960C48FAA1F299CA43E5CC83A6204EAC9FE0534B3EBCEB5E23EAE462252B325AE4CB3DEDB264ABC657C8960D4836EAEAAE4BA28F2465AD
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 755 x 396, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):51633
                                                                                                                                                                                                            Entropy (8bit):7.977056362115758
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:jnYsZO/yN01sa2DT8krc9ri/FVpQbSS8T7C8+GCM7bHacC0EIIA42xO:DYgO/p238bhiNfQeS78+GCQHjC0Dh0
                                                                                                                                                                                                            MD5:39728FCA44F75F4E8070E789ACA184D7
                                                                                                                                                                                                            SHA1:F4CAA9AC061752ED81720B03D5E56DBD322EC33C
                                                                                                                                                                                                            SHA-256:4A987D6FD5B338F3EDCBAF8C7C514076F44026DE4F11276C11335ECF3FDC3117
                                                                                                                                                                                                            SHA-512:363918CCA1424E2D0D927A1438C539BC38130936E893E42F9AAB370BB57FCDD4306BEB6B0B16E20A9E1B852A72051409BC1C54E052FF5C20E8CD5138271820DD
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 95 x 95, 8-bit colormap, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):855
                                                                                                                                                                                                            Entropy (8bit):7.436117043011675
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:6v/7o4/fM/M6UG7NU/+04/0gira0+rfloGWVYSMlDhg9wFzPBziJuUQeJCctHu9:Ox6UyU/+jkra0ufllRm9wZP5fUNUctHg
                                                                                                                                                                                                            MD5:B2D1F94BB64D09B0A984994312A44326
                                                                                                                                                                                                            SHA1:D6E755583CF299DF6AB1131C9D94AA18ED5E7DBF
                                                                                                                                                                                                            SHA-256:B67CC2D62300EFC5D1AC008525E37269AD477BA57D0C6B0A6DEF5DD2EC5F8D72
                                                                                                                                                                                                            SHA-512:C28B92A2847AA5DD1D664B466C31837963121AA3B38615CF221AD9CAF81E5412F454EE0502C17042FED288B0984C5602F99D81BAADAC7876DF35A79E5ACEE57D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 590 x 589, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):137156
                                                                                                                                                                                                            Entropy (8bit):7.99115996925414
                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                            SSDEEP:3072:Yk7BUP0qkRwSPdlu+RCq1G0pmWS+iFmKLvlj+DWEZMJYRp:Yk7C8qkRHPdlucCOPpmyRKDd+DW1ap
                                                                                                                                                                                                            MD5:337565E283405CBA53EF817465D7582E
                                                                                                                                                                                                            SHA1:813C6E741BA1E430547E615006F53C415309CA8B
                                                                                                                                                                                                            SHA-256:E6A0F5E41B147D59AE1ED49FE8F805516AFFFCB544EB10377A58C8A0F86FE50D
                                                                                                                                                                                                            SHA-512:5A2BF0CCF1B6254C2A5B498D42D3B6111BFB7D01D55BC540B7C568D06B208BEC7737FA16C48A3813A64A6EE5980E53F8428A55C22E46D2C56FB8D6B40901815E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):29464
                                                                                                                                                                                                            Entropy (8bit):6.455186824073041
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:VJGWtLDBqWg7I7BFQvW1xLfCOF33OOO3OOOO3O3fOOO3OOOO3O3B3OTFRxYLcTIg:DGpWg7g2TFOcTQwBy0SEYiQsrAMxkEd
                                                                                                                                                                                                            MD5:5A4B1ADF0BD4512A901CEAD9F65A2D5C
                                                                                                                                                                                                            SHA1:0A2DFED92FA035CC9EDAAFDB9CC7081E86741746
                                                                                                                                                                                                            SHA-256:99BC3DACB424B14C2E3D5F50600B0ADBE39949D577A7E062081A6D416321F9D2
                                                                                                                                                                                                            SHA-512:A77CA97C54C523B872244FFB42645884104C9F0A2B361EECDC96AB16F1FF62108472AD4897D9648E4191779D9120A478D74F46C5487F361A42E6F35BFCBE1AF0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):694040
                                                                                                                                                                                                            Entropy (8bit):6.797959733322652
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:3JkgHpHfl7unn983HkCSamwpx8dDgX9C0p64zi:3iYpL3HxSaHpudDG9C084zi
                                                                                                                                                                                                            MD5:20B3E8BFD05EEBE45ED564825EF62B3C
                                                                                                                                                                                                            SHA1:FB3C5B2A48D7C5862D2DB081D6AF2936D6F91563
                                                                                                                                                                                                            SHA-256:9D72B7EC293B5771C4CB93422A805B25A767E972AED4ECC37915E36756CE5DB2
                                                                                                                                                                                                            SHA-512:09756AF93AAB914189DF5AC8800DFFEA2EC65685C50CF67E77526C241784058778FF9513B94B10CD649FA0E706C1477522D7A125E40DB3EBADFA3F3417E908B0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2056
                                                                                                                                                                                                            Entropy (8bit):4.542339687773985
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:2dRE//EkMruCF9JzN8PzdKfomWfZAfqRX6hpQ9793/0AbhXI4X89:cpdR8Pzk4QfMtzNM9
                                                                                                                                                                                                            MD5:6D9D46649B405988650753948C8E374C
                                                                                                                                                                                                            SHA1:D73D605051D538D4ED9D2E8367D8977600046049
                                                                                                                                                                                                            SHA-256:54067968411799D76813CD2D980AA26D04E3E78632E6CE2747A555E30BF32690
                                                                                                                                                                                                            SHA-512:E451B77D2968DC9E6728A7EAEC5851FD7C79415FB8D2B95FDCF15EFC75C4FD065D1FDE0A593B5C7D49EAAE817BC39EBCA1F00C561711CF5FC8F3C2C7BE93719C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<config>.. <log_enable>0</log_enable>.. <log_level>0</log_level>.. <device>.. <server_ip>127.0.0.1</server_ip>.. <server_port>27182</server_port>.. <http_max_users>16</http_max_users>.. <https_enable>0</https_enable>.. <need_auth>0</need_auth>.. <information>.. <Manufacturer>ScreenBeam</Manufacturer>.. <Model>SB1100PLUS</Model>.. <FirmwareVersion>1.0</FirmwareVersion>.. <SerialNumber>123456</SerialNumber>.. <HardwareId>0.1</HardwareId>.. </information>.. <user>.. <username>admin</username>.. <password>admin</password>.. <userlevel>Administrator</userlevel>.. </user>.. <profile>.. <video_source>.. <width>[VideoWidth]</width>.. <height>[VideoHeight]</height>.. </video_source>.. <video_encoder>.. <width>[Vide
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4246
                                                                                                                                                                                                            Entropy (8bit):4.59391160498296
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:cpdCtK8Pzk4QfMtzNMfdCQW/8PzkTCcMtexNM9:C1gZtzNktegJtYNW
                                                                                                                                                                                                            MD5:3907C753C5684A8E3E5F527D52BCC033
                                                                                                                                                                                                            SHA1:35C0132D2A728632439414DE9C00E450D4092E36
                                                                                                                                                                                                            SHA-256:83E20372AFDC7388F8310860908B0E1E5478C371AC97B28914C2FA176E52E2E9
                                                                                                                                                                                                            SHA-512:B31290F12774B1F85298D1A87C21B218FBF0C35A3797F4DA9B4841D448D46C54118F4D517AD5F01DFB2AEC6ED243C2FD65FD76902540DE19F1B5778056A5A5FB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<config>.. <log_enable>0</log_enable>.. <log_level>0</log_level>.. <device>.. <server_ip>127.0.0.1</server_ip>.. <server_port>27182</server_port>.. <http_max_users>16</http_max_users>.. <https_enable>0</https_enable>.. <need_auth>0</need_auth>....<camera_name>In-Room Camera</camera_name>....<camera_uuid>[CameraUUID]</camera_uuid>.. <information>.. <Manufacturer>ScreenBeam</Manufacturer>.. <Model>SB1100PLUS</Model>.. <FirmwareVersion>1.0</FirmwareVersion>.. <SerialNumber>123456</SerialNumber>.. <HardwareId>0.1</HardwareId>.. </information>.. <user>.. <username>admin</username>.. <password>admin</password>.. <userlevel>Administrator</userlevel>.. </user>.. <profile>.. <video_source>.. <width>[VideoWidth]</width>.. <height>[VideoHeight]</height>
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1519), with CRLF, CR line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):5127
                                                                                                                                                                                                            Entropy (8bit):5.331931775659372
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:o/OpOWBHl18Pe6HGbpOWBHl18Pe6HcpOWBHZ83ehebpOWBHZ83ehn:7pOWBF1ke6mbpOWBF1ke68pOWB5UeYbD
                                                                                                                                                                                                            MD5:A87DDC5D8B7E5D761FB916AF29B40BC4
                                                                                                                                                                                                            SHA1:B92C2E94D8B4536129F4B1ABD6525F32C09CE4ED
                                                                                                                                                                                                            SHA-256:6867B93F2F7E603F8BD1ABE82A19905018FE0634176C442A08F8ED83E8EB257B
                                                                                                                                                                                                            SHA-512:7CF4EBEDBAC013927454C900E57CADC59843F565D571DF7E89E56AA0D2A16680BBD2825D944365DAB7C47DB664DCCB8476ED51BEB36CB408049A2CA7AB530EBD
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:[2021-08-23 21:52:25] : [ERROR] http_srv_net_init, bind tcp socket fail,err[WSAE-10049]!!!..[2021-08-23 21:52:25] : [DEBUG] onvif_device_hello, p_buf = <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:enc="http://www.w3.org/2003/05/soap-encoding" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsa5="http://www.w3.org/2005/08/addressing" xmlns:d="http://schemas.xmlsoap.org/ws/2005/04/discovery" xmlns:dn="http://www.onvif.org/ver10/network/wsdl" xmlns:tt="http://www.onvif.org/ver10/schema" xmlns:tds="http://www.onvif.org/ver10/device/wsdl"><s:Header><wsa:MessageID>uuid:30991b2f-72c2-24fc-5d79-2b1312437e85</wsa:MessageID><wsa:To>urn:schemas-xmlsoap-org:ws:2005:04:discovery</wsa:To><wsa:Action>http://schemas.xmlsoap.org/ws/2005/04/discovery/Hello</wsa:Action></s:Header><s:Body><d:Hello><wsa:EndpointReference><wsa:Address>urn:uuid:718a1fb9-27d6-3c95-6829-4ab318de4250</wsa
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2434328
                                                                                                                                                                                                            Entropy (8bit):6.265968626461031
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:pQ1VVA2kTpvTDuW8VNd1CPwDv3uFh+0nU9:pQ1Vu5DuW8fd1CPwDv3uFh+0Q
                                                                                                                                                                                                            MD5:76F7CAAE87C6B10D73A48ADB64F02E05
                                                                                                                                                                                                            SHA1:A1A2325697B59B3BF1C2B915692F9F876DB422FC
                                                                                                                                                                                                            SHA-256:CC9FB81E2B8BB441E6F21B7DCE4EA9E6244687614CA96DDC4C4A5152AEC0B546
                                                                                                                                                                                                            SHA-512:0C63D56DE81BD1DC9D4836ED99DDF572CC20BFDD451C474B3F17DC06C1417940812D691FED5F283A28536C2FB1DF4A4B7DC4476BD8883150CEF3C207EA3C16CC
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):515352
                                                                                                                                                                                                            Entropy (8bit):5.814325336262614
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:pJ8sR6fYGsTRZ9vpHvG9ZiBgp/GidLzVaU2lvzXE5:p/Xsf8WaU2lvzXE5
                                                                                                                                                                                                            MD5:2D243F92BC544F00355E838609D90964
                                                                                                                                                                                                            SHA1:294C1A81472F999150F61AF48D03BC54C78CE1B4
                                                                                                                                                                                                            SHA-256:288B264F9439EBA229D29A00D8837696923E90095A360BC42C045C24D7A68F15
                                                                                                                                                                                                            SHA-512:095634D11F632629657454213E91A4F0A7C88A432E41A78689F928F1655B251FE579E1E9C7B1766130D6FA326B25F8E93262885521E2F6976A3531CF051A3E97
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF, CR line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):28635
                                                                                                                                                                                                            Entropy (8bit):5.2012587313035885
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:uJymAewyafBfBb3IyRcKjo8jmnCB8G289tn+Q8D/BOKJt28WH8mHmQn/rajAZxqg:Jj5B+xERuY7MIAIASkXS6XNQ
                                                                                                                                                                                                            MD5:612C974F0E3EA3B05914188CA96A0AA6
                                                                                                                                                                                                            SHA1:12D18BEBBDB5D03D21C2BE8E4F35CD4C8834FB7B
                                                                                                                                                                                                            SHA-256:9A37752D8A0B5E89DA83AFD9D65A22DA8781D1C74699B1FB78E324001D787A37
                                                                                                                                                                                                            SHA-512:5C4873A6A5FF06E07A06D5CF857E8E5929C7F8955900D2756F5D405C48A618B3A13DFFBF30FD2E26D49D4E9B15FA6B8AF3B9DDA2551052ED31F7F3364F2F9AC5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>...<config>...<log_enable>0</log_enable>...<log_level>0</log_level>...<device>...<server_ip>127.0.0.1</server_ip>...<server_port>10000</server_port>...<http_max_users>16</http_max_users>...<https_enable>0</https_enable>...<need_auth>0</need_auth>...<EndpointReference>f258763e-0959-4c30-b432-6729c72df070</EndpointReference>...<information>...<tds:Manufacturer>ScreenBeam</tds:Manufacturer>...<tds:Model>SB1100PLUS</tds:Model>...<tds:FirmwareVersion>1.0</tds:FirmwareVersion>...<tds:SerialNumber>123456</tds:SerialNumber>...<tds:HardwareId>0.1</tds:HardwareId>...</information>...<user>...<fixed>TRUE</fixed>...<username>admin</username>...<password>admin</password>...<userlevel>Administrator</userlevel>...</user>...<RemoteUser>...<Username></Username>...<Password></Password>...<UseDerivedPassword>FALSE</UseDerivedPassword>...</RemoteUser>...<SystemDateTime>...<tt:DateTimeType>NTP</tt:DateTimeType>...<tt:DaylightSavings>false</tt:DaylightSavings>...<tt:Tim
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PEM certificate
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1298
                                                                                                                                                                                                            Entropy (8bit):5.792853162111365
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:LrDpMNpyvSq0pxpynh0YH0kcP0y7Fm8osGYeoeGOodxp1ha7K9A:LryjppnhkaL7FCsGYeoWipS
                                                                                                                                                                                                            MD5:CDAF1F178B74FDF227723E7516464254
                                                                                                                                                                                                            SHA1:85908E45E29EAAE60CE6D4EB90861B0C61DDDD89
                                                                                                                                                                                                            SHA-256:525CA5B085D6F9D4A4D7C4C7A2986E9E4E467EE1030E12EDF07C5E2812BD1C79
                                                                                                                                                                                                            SHA-512:44F7A7222075F63B7681B9C4C301D7F318B476E3518C4D3A76F21340BFC158AA5A01D7E523C5EC254D9E621D793F0D50C906063A3139717B6DA73B65F0406963
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PEM RSA private key
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):902
                                                                                                                                                                                                            Entropy (8bit):6.008844379962527
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:Lr4Rt7PVG5ju0j71GT86Ohq3B9avOcyh1uMRESsH6:LrEtgPjxX23Uxyfurq
                                                                                                                                                                                                            MD5:022C48439BC463BA3EC82002B5845A3C
                                                                                                                                                                                                            SHA1:2CD2A36E397287481E46B7E85477A70072127922
                                                                                                                                                                                                            SHA-256:B95A00C0C85DBF880BC9010CDB9C073B1665D5B4A940E05109A667438984A529
                                                                                                                                                                                                            SHA-512:50C44A1667095CC9DAA02A4D7150D82211A69A5E59B8BEC8108B94F8A4A115BA8DEED05F886FB1A25065179FD5F474CAA8B00BC85F8849389C80920A32755C08
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PDF document, version 1.7, 25 pages
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):682431
                                                                                                                                                                                                            Entropy (8bit):7.869888364240819
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:A86ijIexjY7508+5xtPNWvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvK:A52Wu+cE33MO30BnHNT17
                                                                                                                                                                                                            MD5:A26BDC90611ED559EB76EB35EB8B5219
                                                                                                                                                                                                            SHA1:E739803561D958E6FBBEA50295C22218FFD3D23D
                                                                                                                                                                                                            SHA-256:0D9FA2A08AAE647FDD0014B4C0CF0951FF2A63BA4D7D2E5C0FF43769FA8BC8AA
                                                                                                                                                                                                            SHA-512:CD63F6D27DD2EEA26773A5D8B33322CEDA130510840B3AADFBF2D59CB3CE29F25EFD9CF0EFAA6ED51B78D937693BAFBB05A7B9431A53965A2D30FBFF5FBB7D98
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:%PDF-1.7.%.....1 0 obj.<</Names <</Dests 4 0 R>> /Outlines 5 0 R /Pages 2 0 R /Type /Catalog>>.endobj.3 0 obj.<</Author (Happytimesoft) /Comments () /Company () /CreationDate (D:20210802110638+03'06') /Creator (...W.P.S. e.[W) /Keywords () /ModDate (D:20210802110638+03'06') /Producer () /SourceModified (D:20210802110639+03'06') /Subject () /Title (Onvif Server) /Trapped /False>>.endobj.8 0 obj.<</AIS false /BM /Normal /CA 1 /Type /ExtGState /ca 1>>.endobj.6 0 obj.<</Contents 7 0 R /MediaBox [0 0 595.3 841.9] /Parent 2 0 R /Resources <</ExtGState <</GS8 8 0 R>> /Font <</FT14 14 0 R /FT19 19 0 R /FT9 9 0 R>>>> /Type /Page>>.endobj.7 0 obj.<</Filter /FlateDecode /Length 444>>..stream..
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):74520
                                                                                                                                                                                                            Entropy (8bit):6.849073361501379
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:lz2886xv555et/MCsjw0BuRK3jteo3ecbA2W86f7Qrx:lz28V55At/zqw+Iq9ecbA2W8CM
                                                                                                                                                                                                            MD5:16D54D972D54D9BA173E7047DA053EBC
                                                                                                                                                                                                            SHA1:42496689C880D5FC84A58771CA32FD23D04D63F2
                                                                                                                                                                                                            SHA-256:4FCA28A88ECA9EC5E82493AEA44E35FA2C798365019A1FB2DE658DBDA2B91DBB
                                                                                                                                                                                                            SHA-512:D0E2DD447D15A804B8D537D30FC839797A2BB24A66F4CF170B7863C23DB843FF0541ADD26A76706DDD6D3575D3B744610A299E1B85ECA2A61BCC767BD08C3D0D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):402200
                                                                                                                                                                                                            Entropy (8bit):6.730528504742971
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:pLVeNa307jXrapwILWL9pMCsVohOn81Za7PGW698TB5vC0Tzhc:x36jALWL9OCmohOnqcGW698TPvC06
                                                                                                                                                                                                            MD5:5D8A2DC0D64047A42CE1758B8AEE0BA1
                                                                                                                                                                                                            SHA1:92189B2A3F516BF15BB55262489011F373050656
                                                                                                                                                                                                            SHA-256:EEC45B409153689030AC18574C3839B1A8506A0D00C55E9F094572E0D3C69BF4
                                                                                                                                                                                                            SHA-512:F155E765B57EDEC5E5F8E1B84F6BC55C318DFA89B2FD9F09D4767C0CF8A3CEC302B4059AF9514A6F6FAE7C443ED0F67C27D16AB42EDD1E552D559A3929CC68DA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3567896
                                                                                                                                                                                                            Entropy (8bit):6.16216161588641
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24576:rOkuRMk0mZk7qDL2PtBLhM7RU7R2/8QcVYtk8:rOk4P4dmRU7R2/8QcV6
                                                                                                                                                                                                            MD5:517CA1ED1FAA9B1E8EE005F64DD4AA84
                                                                                                                                                                                                            SHA1:38691885E67D42743275EF918F6D5CDBF98B5794
                                                                                                                                                                                                            SHA-256:03CF2548381FDE6459EF6BDAE34A0A55E0E864A570EBC8BE6F0383DC0726F72F
                                                                                                                                                                                                            SHA-512:FC9AA41BC83E72468F0568A07EED14477C895D6404FCBEF43C41058953A5C8766F767608B54F6710C14BF97F82548B90DD729E6A23BB1BC006479E62FC638113
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:MSVC program database ver 7.00, 512*3675 bytes
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1881600
                                                                                                                                                                                                            Entropy (8bit):4.153189992522293
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:joj++vd7wRRaHmTp4dg5uSdV0uRlqV9CNxoF4dj9j:+nRXH/g5ndV0yNZt
                                                                                                                                                                                                            MD5:94C8740D63B37C684DE2161DAB3F12A0
                                                                                                                                                                                                            SHA1:0D9D0A83BAA3A88DF4C81244215E310E0BA4FD94
                                                                                                                                                                                                            SHA-256:7D118A9927106081E6861212729B50B9954CDC156BEA7553D76A2E137D97A048
                                                                                                                                                                                                            SHA-512:3C97A442758325B8262015A47AF1BFB47F838C70557AC95AE8BCE9D5D87696344F46D928D1A99999CB8924A343EFCFD717F167030F6B2930A3B9CB3524D2CEBF
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):599672
                                                                                                                                                                                                            Entropy (8bit):4.694314470643874
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:NktMqadrRUnvQFqnhpcROFutFeBiR5b7TVjEqqpFL:3UCA
                                                                                                                                                                                                            MD5:3DEB13968C22CDE75D6F614DFA25758E
                                                                                                                                                                                                            SHA1:177E9B52A72AE157F70EA16D16F3E917BEBE3B79
                                                                                                                                                                                                            SHA-256:90AACC1B9F0325A081C1DC5BABC580D693A3D5CAB61905BE8D3E9BC2496F4ACB
                                                                                                                                                                                                            SHA-512:8269F6900AB3AE726D6D79C9135F1D46A8AE9192C88C7EE82CA6038CD25CC5CC30D7F5215D049CB17DEC8EA18F02511315E79C16F17A0148DEF46580B746F314
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>MahApps.Metro</name>.. </assembly>.. <members>.. <member name="P:MahApps.Metro.Accessibility.AccessibilitySwitches.UseNetFx472CompatibleAccessibilityFeatures">.. <summary>.. Switch to force accessibility to only use features compatible with .NET 472.. When true, all accessibility features are compatible with .NET 472.. When false, accessibility features added in .NET versions greater than 472 can be enabled... </summary>.. </member>.. <member name="T:MahApps.Metro.Actions.CommandTriggerAction">.. <summary>.. This CommandTriggerAction can be used to bind any event on any FrameworkElement to an <see cref="T:System.Windows.Input.ICommand" />... This trigger can only be attached to a FrameworkElement or a class deriving from FrameworkElement... .. This class is inspired from Laurent Bugnion and h
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):102168
                                                                                                                                                                                                            Entropy (8bit):6.1195437867134945
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:Krf5GttgxHXEuRmG5rtkGY4CEmWAxXSSYhhS98ca2Wvsd65FJDlGWwkEyq7QTxz:i5GttWHXEUx5r65LxXshk8JDIWPqMl
                                                                                                                                                                                                            MD5:9865A667A6B6CC39EECE297FA758DCF9
                                                                                                                                                                                                            SHA1:C832B205EDE70FAF5FAB88C8E94DCB5E7820DF68
                                                                                                                                                                                                            SHA-256:0D6DABEF0EC8326177DDE11214C57341F18775A91D955B17ADC23AB6CA60826D
                                                                                                                                                                                                            SHA-512:269F5332470B791EB27D4B08A38441C58A16862ABCB7C40E91B1B37A03B525F3A62AD68ACF061BA17A99F6BA4D1B1D59A7AF5C171179DC6D9EF59799BC6DC156
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines (409), with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):76763
                                                                                                                                                                                                            Entropy (8bit):4.535821308884759
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:+hRBEEny5f5YFsUxLvgLTGzJxKG4E+pZ1aI8a2GKvEGKGlMEYHDPrMp3hIr4Poqm:qvyFrMp3hc7oTi
                                                                                                                                                                                                            MD5:6183C17BCC82E2A2885A14B35FA50B1C
                                                                                                                                                                                                            SHA1:CE4E6A7BA118FA52DCD3C5E448F1FA26040E85E3
                                                                                                                                                                                                            SHA-256:6208068DD16A2C1C79FAA2E29CA029B59DE06CD66F16D9DC27EDABB8FFEBAD48
                                                                                                                                                                                                            SHA-512:B5140BECB6F72075BDFFB40DCCADD77A83B8836BE87FE2B3AB7AF18EAD85F6F9171B3E97640352BEB1DB64393CA67033EC09F7B2F95C85ADE795ECE866B39DF3
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Microsoft.Expression.Interactions</name>.. </assembly>.. <members>.. <member name="T:Microsoft.Expression.Interactivity.Core.ActionCommand">.. <summary>.. A basic implementation of ICommand that wraps a method that takes no parameters or a method that takes one parameter... </summary>.. </member>.. <member name="M:Microsoft.Expression.Interactivity.Core.ActionCommand.#ctor(System.Action)">.. <summary>.. Initializes a new instance of the <see cref="T:Microsoft.Expression.Interactivity.Core.ActionCommand"/> class... </summary>.. <param name="action">The action.</param>.. <remarks>Use this constructor to provide an action that ignores the ICommand parameter.</remarks>.. </member>.. <member name="M:Microsoft.Expression.Interactivity.Core.ActionCommand.#ctor(System.Action{System.Object})">.. <s
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):146200
                                                                                                                                                                                                            Entropy (8bit):6.131563704651892
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:zCPmFPD950+dzR1decbMn5TX55r4j2cM:GPmVDz0+d05T
                                                                                                                                                                                                            MD5:2A0A9315CE757BB9E65305A17967948D
                                                                                                                                                                                                            SHA1:51974883F5129FA902A6FDC157BDA06ADC378C13
                                                                                                                                                                                                            SHA-256:2AFF06C6139129769CA832BB6700FE065872E701ED7E0093A0A217B7F7D13F74
                                                                                                                                                                                                            SHA-512:44F0C188353CABB4BE8694B35D24F64EF9E2D5A99023FDF012265521951F8A924C8142844FD6470410638DEABAA77FA47271338D738820740A28514374977B74
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Microsoft Roslyn C# debugging symbols version 1.0
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):52032
                                                                                                                                                                                                            Entropy (8bit):5.334600855320652
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:Ho05puXM/mr0or4TKzkhq5WGneTfAp+A5cgWpORyUtAOHpZfDvdorxU5HMRI0xgm:1JWL4w2WtAOJFl4nkrvq3
                                                                                                                                                                                                            MD5:5C23C6B85B1BF45EB8B2B36014C24D87
                                                                                                                                                                                                            SHA1:EBFF7B739F015EB024A7FA3F947A39E02DC70E31
                                                                                                                                                                                                            SHA-256:FB216DDB86BD1E6053BF8BAD8E67557E2922D56D83B913197142C872907BC79A
                                                                                                                                                                                                            SHA-512:5BCE36466755B173512D9EBA3172B5194F9FE548E11718850DD4C239134729344CB00976A70E398AA5BA048AEAC64331E4A23F0E48272455C93530B95987D11B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines (389), with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):139226
                                                                                                                                                                                                            Entropy (8bit):4.53900325821367
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:+ZyjUyXsNaimE+YRwUxLvgLTGztxKG4E+pJ1as8a2G6vEG+GlGgLPgJRBy8nm0lr:F9gk/BUB0fYSt3Bl
                                                                                                                                                                                                            MD5:83A73589D5705D3A890253A6F8C140EB
                                                                                                                                                                                                            SHA1:27C092DBB481D0207FB160098BB4B43FB0D6E126
                                                                                                                                                                                                            SHA-256:0672969B6ADF9FC6D56873FF17FC8F45E9FEBC2FD6E997B19D5CB7EF2546DB70
                                                                                                                                                                                                            SHA-512:A18A29FDF055E2507A6BD2837FF1D9B6E9A0486B315C786FC86B49DC2229B8B167A7D103FB16EF342916324A08DF0EDCAEEAA2BFD0F4FF8862C63572C9AD371B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Microsoft.Xaml.Behaviors</name>.. </assembly>.. <members>.. <member name="T:Microsoft.Xaml.Behaviors.AttachableCollection`1">.. <summary>.. Represents a collection of IAttachedObject with a shared AssociatedObject and provides change notifications to its contents when that AssociatedObject changes... </summary>.. </member>.. <member name="P:Microsoft.Xaml.Behaviors.AttachableCollection`1.AssociatedObject">.. <summary>.. The object on which the collection is hosted... </summary>.. </member>.. <member name="M:Microsoft.Xaml.Behaviors.AttachableCollection`1.#ctor">.. <summary>.. Initializes a new instance of the <see cref="T:Microsoft.Xaml.Behaviors.AttachableCollection`1"/> class... </summary>.. <remarks>Internal, because this should not be inherited outside this assembly.</remark
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1434
                                                                                                                                                                                                            Entropy (8bit):4.900941090644329
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:JdNQjY8jsLoKaQe1W04pyaMMW04FzMSMpbP3KabFx2ldnD2cc/Or:3b8jbgpXMzFzMSMdvClJ7r
                                                                                                                                                                                                            MD5:5DD8A1A04E3B8E2CF8D8D0CA563A08F5
                                                                                                                                                                                                            SHA1:DD79976E4FB6D7799B83EF26569C0FF433662FF3
                                                                                                                                                                                                            SHA-256:8687718C6EB351CEFFBE09395A5F565790E4F784DA2A4464DC411960FD3BC99A
                                                                                                                                                                                                            SHA-512:8B472C76E9D4DD97775B72211D4C54A5A552CF60055B6A4F139EE224E6B483898D3607646FA285850DC2A990DDCCF84F71E6DCCF0B33D70F6E13009B0BEA233C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8" ?>..<nlog xmlns="http://www.nlog-project.org/schemas/NLog.xsd".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. autoReload="true".. throwExceptions="false">.... <variable name="appName" value="ScreenBeam Conference" />.... <targets async="true">.. <target xsi:type="File".. name="default".. layout="${longdate} - ${level:uppercase=true}: ${message}${onexception:${newline}EXCEPTION\: ${exception:format=ToString}}".. fileName="${specialfolder:LocalApplicationData}\${appName}\Logs\${appName}_${shortdate}.log".. keepFileOpen="false".. archiveFileName="${specialfolder:LocalApplicationData}\${appName}\Logs\${appName}_${shortdate}.{##}.log".. archiveNumbering="Sequence".. archiveEvery="Day".. maxArchiveFiles="30".. />.... <target name="debugger".. xsi:type="Debugger".. layout="${longdate} - ${level:upperc
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):888600
                                                                                                                                                                                                            Entropy (8bit):6.070730629271981
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:v1g1a9wdGNA9qQmDocTrP5rs3ekNuquwKUYaDyUsQ:v1g1a9wdGNA9qQco+rh0uqvKUYamUsQ
                                                                                                                                                                                                            MD5:264D058F7B81F04DB1226B445C2778E1
                                                                                                                                                                                                            SHA1:55EBACEF68FB44E256CA903111EA8CDFF5F74AF2
                                                                                                                                                                                                            SHA-256:27E547AA5109FD272B59EC0303CE157A4D44C95D3E1753F402BAAD3640D05F3C
                                                                                                                                                                                                            SHA-512:919C7F93A2F1EF66A26A468933406B5BD5F2C9D35D4E96417A64AE85A3914000840585A6E065E721FF31A38D69E3BA8BC427477EE08A6D3CA492E146488D0DC5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines (385), with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1661000
                                                                                                                                                                                                            Entropy (8bit):4.576713883814205
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:3bDXjSkDsv6ZrgFOG3We13QixCx8ZaRIHp8TEKcQonqDhIrMBc+6z+beoX:PH15e8EKH
                                                                                                                                                                                                            MD5:CA532230EDE750DC11C7E26C521F382F
                                                                                                                                                                                                            SHA1:F8DB7F7BF3C5A7B68CAA072D79064EFC52F66ABC
                                                                                                                                                                                                            SHA-256:0840395F0EF1BFF0746895255C19AF38E7775D3C316892E94C6514E834E3BFB5
                                                                                                                                                                                                            SHA-512:5025B6EE3E9C56D902435D209C75A3A6A873B489656B0E42BDBCCEEE8F3B083A1F06B74AE436552E00CCEE0C1D0D6726408FECF2A68091B442E44EBC79B80929
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>NLog</name>.. </assembly>.. <members>.. <member name="T:JetBrains.Annotations.CanBeNullAttribute">.. <summary>.. Indicates that the value of the marked element could be <c>null</c> sometimes,.. so the check for <c>null</c> is necessary before its usage... </summary>.. <example><code>.. [CanBeNull] object Test() => null;.. .. void UseTest() {.. var p = Test();.. var s = p.ToString(); // Warning: Possible 'System.NullReferenceException'.. }.. </code></example>.. </member>.. <member name="T:JetBrains.Annotations.NotNullAttribute">.. <summary>.. Indicates that the value of the marked element could never be <c>null</c>... </summary>.. <example><code>.. [NotNull] object Foo() {.. return null; // Warning: P
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):704792
                                                                                                                                                                                                            Entropy (8bit):5.954758883448302
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:T9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3i:T8m657w6ZBLmkitKqBCjC0PDgM5y
                                                                                                                                                                                                            MD5:366041A6141D665927A3F622B257D2B9
                                                                                                                                                                                                            SHA1:D80B8843B81E175A6356FEAC9BF17D75A4B43BC0
                                                                                                                                                                                                            SHA-256:2B470C31D1C5933D5E01E778528B1416966220A0A286671144874072349D687D
                                                                                                                                                                                                            SHA-512:C6CB888BC5FD4769091DC2EAD8B8394DB7BD83521925C76385F71F52924CDFDD64760C379BD1575B67EC314BDADAB88F94AF9435CA9AEF727473A7AE595CBF4F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):710224
                                                                                                                                                                                                            Entropy (8bit):4.632813781023419
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:XqqUmk/RikeaG0rH3jGHdl0/InHHpgVIeR0R+CRFo9TA82m5Kj+sJjoqoyO185QA:DUq
                                                                                                                                                                                                            MD5:F414B3F68FE7C4F094B8FE8382F858C9
                                                                                                                                                                                                            SHA1:66EE1B3266FCEDDE433B392156AB4A24262B2F34
                                                                                                                                                                                                            SHA-256:2D46B37B086D6848AF5F021D2D7A40581CE78AADD8EE39D309AEE4771A0EECCF
                                                                                                                                                                                                            SHA-512:19B2FEB40C2E9D4D20D9A21F88F6ECEA773060C056B8CBBD21A6EEC41486DC5FC101E6C31129B0D53466D04709BCD4ED777058DDFB02532242B43E253A7B24BD
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Newtonsoft.Json</name>.. </assembly>.. <members>.. <member name="T:Newtonsoft.Json.Bson.BsonObjectId">.. <summary>.. Represents a BSON Oid (object id)... </summary>.. </member>.. <member name="P:Newtonsoft.Json.Bson.BsonObjectId.Value">.. <summary>.. Gets or sets the value of the Oid... </summary>.. <value>The value of the Oid.</value>.. </member>.. <member name="M:Newtonsoft.Json.Bson.BsonObjectId.#ctor(System.Byte[])">.. <summary>.. Initializes a new instance of the <see cref="T:Newtonsoft.Json.Bson.BsonObjectId"/> class... </summary>.. <param name="value">The Oid value.</param>.. </member>.. <member name="T:Newtonsoft.Json.Bson.BsonReader">.. <summary>.. Represents a reader that provides fast, non-cached, forward-only access to s
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):56088
                                                                                                                                                                                                            Entropy (8bit):6.322783434897543
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:UkCPMBRD49uC70Ky9xbLwLJ7ElKntB7QpxrP:EPMz4s9xbLwN7ElKntBMDP
                                                                                                                                                                                                            MD5:68A66193731581F66D18F4C0B756D002
                                                                                                                                                                                                            SHA1:7F16918BD95A7A1BF79E5024419A7EAFF3C50FC5
                                                                                                                                                                                                            SHA-256:626CAA6AEAD7562B2E0EA77CD0375CEC00566200F6358A953AD95E96D4055884
                                                                                                                                                                                                            SHA-512:FAABB09687B1E4B1FFFE5C8F949EF0D87A806CEDA14097D1FBFA639C05D772B1A53364A68374AEBEED9FF533287F0454118C2EC40CCF57670E66BC5CB0584422
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):189
                                                                                                                                                                                                            Entropy (8bit):4.986033023891149
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:JLWMNHU8LdgCzMvHcIMOofMuQVQDURAmIRMNHjFHr0lUfEyhTRGOGFvREBAW4QIT:JiMVBdTMkIGMfVJ7VJdfEyFRzSJuAW4p
                                                                                                                                                                                                            MD5:9DBAD5517B46F41DBB0D8780B20AB87E
                                                                                                                                                                                                            SHA1:EF6AEF0B1EA5D01B6E088A8BF2F429773C04BA5E
                                                                                                                                                                                                            SHA-256:47E5A0F101AF4151D7F13D2D6BFA9B847D5B5E4A98D1F4674B7C015772746CDF
                                                                                                                                                                                                            SHA-512:43825F5C26C54E1FC5BFFCCE30CAAD1449A28C0C9A9432E9CE17D255F8BF6057C1A1002D9471E5B654AB1DE08FB6EABF96302CDB3E0FB4B63BA0FF186E903BE8
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />.. </startup>..</configuration>
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:MSVC program database ver 7.00, 512*259 bytes
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):132608
                                                                                                                                                                                                            Entropy (8bit):3.7367234561117266
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:L+Z2ZTTM1ldA+TnAGrpqOF052IeUfQV5kGgv1s5zM6265QCuhdgl9gKfU0dSsJfA:ZfQ7Eds5zM6F5cfg8EU0dSsxNfQ8IsY
                                                                                                                                                                                                            MD5:5DAAA783F426B37DB9254F6063054D6F
                                                                                                                                                                                                            SHA1:7756681B5C157B1503EE8E576DF7B94B0C5D30A5
                                                                                                                                                                                                            SHA-256:5B78D9816A463FBDFF8F0B7E6D0F8AB206C0EE5437049DB88BBE09CEFA648CE7
                                                                                                                                                                                                            SHA-512:389C3F11A8A0FC4178EB99BC3DA0BCFCD75B2540688C50434B396FA34F043D3FFB91B63D8B997ABC9F8AA309D7387ED58A3C3046447DCBABB76384D1D53D1E15
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):55576
                                                                                                                                                                                                            Entropy (8bit):6.483068689026689
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:LLXeNPlvBp41PItj3U8gD9AzFELhPsFVYxN7QTx3:LLXeNPlvj41PItj3KDUFSPaYxNMd
                                                                                                                                                                                                            MD5:92678FC8ED4682798690FBB4068F87E4
                                                                                                                                                                                                            SHA1:15102795B1997642D51A4B9B41C5772CA30C8D7F
                                                                                                                                                                                                            SHA-256:9C758770439967517A38B0253487ED7C274A86D5FDA347829D3D69D1C47CA41E
                                                                                                                                                                                                            SHA-512:77705B9C3AA66751D50B1249803391F515A27F20054F41E1C266858EAF22190DFCF12716FEB370B5CDE95D79C7467F64CC7A84C44B170783962C28279BD323E4
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:MSVC program database ver 7.00, 512*75 bytes
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):38400
                                                                                                                                                                                                            Entropy (8bit):3.097681309335531
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:CwFyFr8sKK8PuuN/qtMfrdAU8sKH8Pu1dL:CwFyFr8sKpPua/xdR8sKcPu1d
                                                                                                                                                                                                            MD5:EE633CA4D9B35855BBE69FE010669F1D
                                                                                                                                                                                                            SHA1:174460DC05E7272F4D7EED7457067849E60DB4F4
                                                                                                                                                                                                            SHA-256:F3F3104207128C7DC15F0CFD00A3F7A0E4DCE8C3F3AF49EC34D8B4797CEE9E4C
                                                                                                                                                                                                            SHA-512:9EAEF0A16F144CEC11B0BDE9297C6BE994A4E2BC9CF5C266B913E5F21CE613B2B1034E7C29001B84971B42B3CE2B316288534625898CF36ED3E3F9E975010FEA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):150296
                                                                                                                                                                                                            Entropy (8bit):6.2877503298419954
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:dkYDVm7z6Irlqnq6O5KwVrVREFZogSXqiOpsDRgQt6lWQIcNVbx5CBvM:bV6Tuq6nyvgQt6lWDg15C
                                                                                                                                                                                                            MD5:D4B807F8663CFEACF31F20627ED822B4
                                                                                                                                                                                                            SHA1:AD8FE8AB50255E15EF0FD593F1A8A9FDD18324A6
                                                                                                                                                                                                            SHA-256:55D7914441A4036CD83B7331DF7ED2D4D7F7314B0C65F195D6B23B18F4DD14FB
                                                                                                                                                                                                            SHA-512:704A5A7BB68645201451D82A333FC2FB94A78D0EF86A4F408EB11B00C1809A614EE3F8BC9AA0A1D7511CD9E2D8F89FC38F5B9ACC72F9E72198AABB03DD8B1109
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:MSVC program database ver 7.00, 512*603 bytes
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):308736
                                                                                                                                                                                                            Entropy (8bit):3.834445533967522
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:KjycJHj8tzak4wMfwTUk+6SnTcS6BfnRJu4UA7pjvU+1VQAudYBEUX4qQaX20Y1I:KK7Mfwg16BfREUpj9VBEUQGvksMijI
                                                                                                                                                                                                            MD5:DD83BE7A8D153599847AB74DDF3862AE
                                                                                                                                                                                                            SHA1:ACE562EC1CE7E881858160CF33687D037F80D369
                                                                                                                                                                                                            SHA-256:9BC9995A776A9187422863F32B2A044F5FE3A47362D77DC6092FD3315F3430FE
                                                                                                                                                                                                            SHA-512:828DBA5B0D57737CC77FCB0943941DF7D394A326DCBFCB2DB4ACCBD09617666134C514B80C418BAECE661312445346FBAD3818C855CE03034946B09362190772
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):48920
                                                                                                                                                                                                            Entropy (8bit):6.126747189424118
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:X4yhv8fqk6HrbN63C4rmPZvfZmcUWcm+9dT2snd3wDYiQcAMxkEfDe:dFRZf/85wD7Q6xPe
                                                                                                                                                                                                            MD5:CBE1726392A16F4B21426CA238CA631A
                                                                                                                                                                                                            SHA1:F1A67F610D4FB70CFC2A9635692C7038E2301581
                                                                                                                                                                                                            SHA-256:B57AE1DCFA2AECE1A46444F6689867C5CD8946D94256C4C445CE89A02B7E51F9
                                                                                                                                                                                                            SHA-512:C6DCDE2F588B9F55D535500A469AC5C25FD53FD558FBAD1260275E394F9B4FD2087046B7076EE018E3807215C54490E7402A6E10C0A90692D5E1EFD1FC2903F6
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:MSVC program database ver 7.00, 512*287 bytes
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):146944
                                                                                                                                                                                                            Entropy (8bit):3.7902276258653957
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:9fLv4i06+dm9GDIEPabRijzVGY8o5oEOhifrIEx5oEOh:5XCUEZVatThdE8Th
                                                                                                                                                                                                            MD5:42E55BB9138A8AD19838E7F4A2057F20
                                                                                                                                                                                                            SHA1:8398755E3092D0C0FBC37AC66DA40CCB98D286E2
                                                                                                                                                                                                            SHA-256:9C8D881E88E6EFF0ACF5A5C749371FA3FFAB30CFA22024987D6143A878589BCF
                                                                                                                                                                                                            SHA-512:50E4B1AA50E159B4B43B9474B50647E636E3D6DD1F3568344CCA5A7218363CC15A7208850D1179CB8024901245B049FB7D70CC53890E1E1D3EAE9B876E99F2E2
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4066584
                                                                                                                                                                                                            Entropy (8bit):7.989893157539629
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:98304:MsK37HlDgP9VSUMiAvuLAEJUQV67X1S56ZhsaHB2wSrjXl:MT35MP6UIuLFUQ+W6HxurJ
                                                                                                                                                                                                            MD5:EF47EF719F6B1292D17C6085CC3B9B90
                                                                                                                                                                                                            SHA1:B8A39ABAA12564A2D5DA818D59FB8A06261C653F
                                                                                                                                                                                                            SHA-256:36F7471E268F4E2D15382AB02491C78D4DE0F4DA7108D35BB10C8A3369D4F9AD
                                                                                                                                                                                                            SHA-512:D071C19F4E40384F3BD1C99A988683E110955145CCC0B27EDBC8E53B4456A9BC7CF058D7A90E54FDC92A4D8D080C15BA033939DACACB048B8367506ADE58F0FA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):933
                                                                                                                                                                                                            Entropy (8bit):5.0355202174457405
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:JdErnJM9zsfFgCJsPuAHGPF7NruH2/+Y9y:3ErnJM9zs6Gyumu7Yg+Yw
                                                                                                                                                                                                            MD5:552EC6CC1F2349624ED0015E3B765A98
                                                                                                                                                                                                            SHA1:B95938B153783194DBC664D4AB4C60FF5C350B7D
                                                                                                                                                                                                            SHA-256:A793490AC3AF49279521B305B3C5C9B9A2A8EF6D1A684BA228E4B68E9A7B5C5F
                                                                                                                                                                                                            SHA-512:6567E66701E5CA16897D40C53BE5E3415A021E70D75D8593AE9D6AB5BD265A09DE8973DFCA3AEEE7BAD0E09275732BA835B7D87A84EE7DA0C8EA4522A989418E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />.. </startup>.. <system.serviceModel>.. <client>.... <endpoint name="NetTcpEndpoint" address="net.tcp://localhost:16669/Service" binding="netTcpBinding" contract="SBConference.Common.IService" />.... </client>.... <diagnostics>.. <messageLogging logEntireMessage="true".. logMessagesAtTransportLevel="true" />.. </diagnostics>-->.... </system.serviceModel>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Numerics.Vectors" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.1.3.0" newVersion="4.1.3.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:MSVC program database ver 7.00, 512*251 bytes
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):128512
                                                                                                                                                                                                            Entropy (8bit):3.9446313331430574
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:bdEKENVTmV18AzjLCierdAiYWgi421cLld2SNPcOnqPUwu+fV7lZETvTrXNVTmVb:CnUk97l+TrX9mU
                                                                                                                                                                                                            MD5:0F2B7DAC752BB8D6F9355D3C19066136
                                                                                                                                                                                                            SHA1:0DF783B1D9446D44E35CC9EA5BEBDCEB686367CC
                                                                                                                                                                                                            SHA-256:D4120425EDDBBE64BD34D02791745C16580F736EB382066663DCEDB3B6CB2F5D
                                                                                                                                                                                                            SHA-512:574CEABB9D87892B5AF6BB2209CA4A2476516EBD9166718B9BFF2985DBDB5CD8D7D43C0244C76B2D23142068EA0763BCFDAC9EED6DA5C5E9287C9C771BDC97D0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):160536
                                                                                                                                                                                                            Entropy (8bit):6.281292806431808
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:9K9VX2/egy/giIRVFmXeMlGEs94P6MLrUPBBuOpKUsnj80T+EaDnsPPxbTp8fnTc:9KDXEeFc7KeMlGEsBPsUWq/jFYelgZM
                                                                                                                                                                                                            MD5:64055F4D8272F56AE7140974BC8C42A1
                                                                                                                                                                                                            SHA1:A30F7AFAA05F2B8CA1FD1D384FF5BDC1B0223EA8
                                                                                                                                                                                                            SHA-256:C213A4F1C4FEF1DAF31A6B16D1A251E3C13889AB95AFBECB34AB9AE02C414274
                                                                                                                                                                                                            SHA-512:A1188BA3AC76295544678D3C3E4F06327ACDAF676CABBD22664372E25553931677DED8B98C505004F8DB41331C87392BFDD586B302ACD845928D31FCB4456421
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):349464
                                                                                                                                                                                                            Entropy (8bit):5.895056002324099
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:xjqoeIm08rQRRaTPNKr6hwAdQ7qKCJdj5Q:xjqoeImLrH9hJQ
                                                                                                                                                                                                            MD5:9A688BAEDA135DC316214B17BFF8A878
                                                                                                                                                                                                            SHA1:78F1938D743AE6AB021CF1DCA77E18261CBA99DA
                                                                                                                                                                                                            SHA-256:85D58026468C6F7712B5186231C1923DE896FAEDAE74D89628476FCED6D2E264
                                                                                                                                                                                                            SHA-512:E0DC3BFBCB864D6210FE2C69ADDA945EBAB62CF81CCF796CA94903F196C9B9DC805B6B77EA25D0182830EC6AAD21690B2FF72B78071A71AC57E9D23CF45B1A2B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):226072
                                                                                                                                                                                                            Entropy (8bit):5.654688899392737
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:0RpzojglcletW1yZLJ80UOEgS8DOnL6dCZrGxamas0Ank/uy1WWZjUjY1xC/Bytd:61BE5L6xy1WWZjUj47
                                                                                                                                                                                                            MD5:A8D6A2721A284BE9BA4B0F39F7E888E1
                                                                                                                                                                                                            SHA1:D1FB0AC17269D0AD42E8962861A30CCE0694685E
                                                                                                                                                                                                            SHA-256:487A368419824B136F9713BDB64341B56BCDFD888F56AEA20A80D8ECB994160E
                                                                                                                                                                                                            SHA-512:97358FEFBAF102357F1A728EB0B4B375512837E4948C9C570A1334ECED77DF5A97BDDE79299ED9D3A0E879DA66986D62030F40208AD8E93C460AB57658BC4C0B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):567064
                                                                                                                                                                                                            Entropy (8bit):5.786795272150284
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:E6gB96kgNEh+jVLm7SVTZ+YS5dXnuqhciIgluGvSfTaDu:ESDEhum+F45dXEiDu
                                                                                                                                                                                                            MD5:20C17E2824A914ED7DCA8ADEF73ACD3A
                                                                                                                                                                                                            SHA1:9ED6ED37AA40690E40ABD7EB28106DB28A9EBC72
                                                                                                                                                                                                            SHA-256:EA9550238E6DE8742F3E983676711CC652DA4272C02AC76CEB2F20B11B755474
                                                                                                                                                                                                            SHA-512:9BB436AD5652B2CF168C072655BD9420C417A6E82A4B912679B7F3790E4AFDCB46E1A7D5A98E7DDF037FE29EFFA60BBD2B1F2FF45AFC7AF8F9D2C1E62C74A54D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):281880
                                                                                                                                                                                                            Entropy (8bit):6.179349450192092
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:RNGAHSuAfn0xDI+enjgpjgAvZgDlq514bA383R5QAfSgaZoqej16x3aG37B6Hy7j:OAyOEkfBgDlq/M3rQMSN2d1Wqo/Ic
                                                                                                                                                                                                            MD5:D74177A4B7183489E1D6B3DDC01A9035
                                                                                                                                                                                                            SHA1:DF91E04EB944A6C50674FF2F21E020C0C8B70033
                                                                                                                                                                                                            SHA-256:347E78B235D5FA7E5E6B01740EDEF26B55FD6A0735A506DD1FC8C7C54764ABB0
                                                                                                                                                                                                            SHA-512:918C6FE8225E80CE0952D45EF2B42ED27E46F8BCB25A617A2AC7CAEEFCC887E20E33B4721A298E71F704D07A18DA3179F5AFB63636063B3910BBA63397E9C4D1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):64280
                                                                                                                                                                                                            Entropy (8bit):6.290990573439475
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:SYe5uO+LcqmQWE1EwULYFaue+7nF107Qux:Sl5u7A5EeUaunJ10M
                                                                                                                                                                                                            MD5:A59A2964CADCE1E6BB157D88C3B85AB0
                                                                                                                                                                                                            SHA1:12D6A020C548BEA189C6955FDD35FF780F40124E
                                                                                                                                                                                                            SHA-256:22998AD8EED3BEDF7D1DD439B5CFCAEBFD9CFE0D5CB2A91A02A04D32CEBE9F10
                                                                                                                                                                                                            SHA-512:7CD7394C59BE71047886A282F8AABFD1756DC46D5E51688C09280520E4A350BBF4E59AA838ED83E913FED77FE36AF0344A9C851C16CC6A78574AAE61DBD85A2D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):189
                                                                                                                                                                                                            Entropy (8bit):4.986033023891149
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:JLWMNHU8LdgCzMvHcIMOofMuQVQDURAmIRMNHjFHr0lUfEyhTRGOGFvREBAW4QIT:JiMVBdTMkIGMfVJ7VJdfEyFRzSJuAW4p
                                                                                                                                                                                                            MD5:9DBAD5517B46F41DBB0D8780B20AB87E
                                                                                                                                                                                                            SHA1:EF6AEF0B1EA5D01B6E088A8BF2F429773C04BA5E
                                                                                                                                                                                                            SHA-256:47E5A0F101AF4151D7F13D2D6BFA9B847D5B5E4A98D1F4674B7C015772746CDF
                                                                                                                                                                                                            SHA-512:43825F5C26C54E1FC5BFFCCE30CAAD1449A28C0C9A9432E9CE17D255F8BF6057C1A1002D9471E5B654AB1DE08FB6EABF96302CDB3E0FB4B63BA0FF186E903BE8
                                                                                                                                                                                                            Malicious:false
Preview: <?xml version="1.0" encoding="utf-8" ?> <configuration> <startup> <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" /> </startup> </configuration>
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:MSVC program database ver 7.00, 512*295 bytes
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):151040
                                                                                                                                                                                                            Entropy (8bit):3.7625146843055375
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:pFQdS3gVUDit2w2eflHwUr3MiyjCdG7GVV4kDA6Ziy0lYkDA:pFQdAitn2qwUr3p7VV4kDAZLlYkDA
                                                                                                                                                                                                            MD5:3ADD5FDC896B38683C251DA1AD6128BC
                                                                                                                                                                                                            SHA1:588FD99903588E38A11AC532754DB1946AFA76E3
                                                                                                                                                                                                            SHA-256:696334D3707F55432B4BEC3A43DC23D9BEB9E994D4D1D9B40CAACEBFF8B68FE3
                                                                                                                                                                                                            SHA-512:A1405D66AD8AFB2946800D7573EF601C86B3FDC50DD0879693AADF1ABDC465962B066B3AE6B8E3319A78643B685D2FE94A86B5C368DEA6646878407D2818912D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):759576
                                                                                                                                                                                                            Entropy (8bit):6.352488921850293
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:xjyerCn3SG4tGFGU+NzJHomqU6V1jnQxZdlCG3pFb6KtXX2nrfSNT6v2q6wU:BrCn3S0GfNzP76V1jnQxZdlCG3pFb6Kx
                                                                                                                                                                                                            MD5:DD648F15AD4FC0D36C09E31ED036DB1F
                                                                                                                                                                                                            SHA1:E94BC627210EA23D67D614DE7D59BE58EB8E5C10
                                                                                                                                                                                                            SHA-256:3E92E71DEF625E8AADE2F1689CABB2CBC1D0DBED855FE94B38251151E70D7688
                                                                                                                                                                                                            SHA-512:1B8CE9DE2417D974C09A1BAD4B1AB1913A75C635C09B54F87334A6FBEBCD2C52FA7B9F746357AA77194A0DBDBF7A5166D6EE8DC798C67FC733693183F0B57AF3
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (621), with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):168793
                                                                                                                                                                                                            Entropy (8bit):4.530149376990327
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:ReWZtlVd41Oqi0H1Oqi02Vx5cnJ1OqinzP48Y4Q26ga68xFdJLyuipkyhg1+e1pl:AWHZ5QZ8T6gsJLyuiyyhwTpCN/24K
                                                                                                                                                                                                            MD5:7AEE18F5FD135B525FEEC66BB2AED5D3
                                                                                                                                                                                                            SHA1:2B6C577F4AD8C5BFD704394AEB7F2C056E3FB21F
                                                                                                                                                                                                            SHA-256:882E2B07E327779A7C917ACA4B2B22D8F8D1F55B79BD8576418F980FB9770179
                                                                                                                                                                                                            SHA-512:F4DFE5DCA00A9504F0EE9ABCEC03AC334901400BED6411C9FEA7891DBCA2EA7F7E92B43620C83A36984B4A2CDDBBB77170CD23BF2149B2B842E7D7BAC76359C5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Svg</name>.. </assembly>.. <members>.. <member name="T:Svg.SvgCircle">.. <summary>.. An SVG element to render circles to the document... </summary>.. </member>.. <member name="P:Svg.SvgCircle.Center">.. <summary>.. Gets the center point of the circle... </summary>.. <value>The center.</value>.. </member>.. <member name="M:Svg.SvgCircle.Path(Svg.ISvgRenderer)">.. <summary>.. Gets the <see cref="T:System.Drawing.Drawing2D.GraphicsPath"/> representing this element... </summary>.. </member>.. <member name="M:Svg.SvgCircle.Render(Svg.ISvgRenderer)">.. <summary>.. Renders the circle using the specified <see cref="T:Svg.ISvgRenderer"/> object... </summary>.. <param name="renderer">The renderer object.</param>.. </member>.
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):22296
                                                                                                                                                                                                            Entropy (8bit):6.663572921828433
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:NICREYcfpyXOT9Z7a6WmYWXyIYiQ32LAM+o/8E9VF0NyD:NIiE9QXM11YiQMAMxkE
                                                                                                                                                                                                            MD5:EA81754CADD08398CDCE1835C2D1F0F3
                                                                                                                                                                                                            SHA1:D3E3F6B44DD08C4BFC8AA462FB37F8AE27652D51
                                                                                                                                                                                                            SHA-256:8CD8370FFD01CBDB6E345436B76DBB58AA8886275E59BE55330F292C27B830E3
                                                                                                                                                                                                            SHA-512:B92389977A5F1A43EC03692BB28C15024D702D85F510349AB7AFA657CF94E6AD2A504303F710751D6395844F0E22FEB19DF8BC3DDAFC925A0709B34B7F567C5D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (634), with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3195
                                                                                                                                                                                                            Entropy (8bit):4.750160458439205
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:3iRtamCGLiVMgLGTKLG0LG8hLGRpWG79NmGM9TLGoA96cmgKxnGu7gMcXFFfYK8L:ySm9iVHAKv3hQt9Y9TXAixbewKXHSH
                                                                                                                                                                                                            MD5:0C727C6CF7E10FB85310C46EC17AC47F
                                                                                                                                                                                                            SHA1:F7C922B32655DA2732CDF9E980DAD7337EA87D5E
                                                                                                                                                                                                            SHA-256:5047E342F6E3860E8B37B77207D5E10C5007E07692777EB504D0CED628DA022C
                                                                                                                                                                                                            SHA-512:32D95683A8AE55E0EAA6A6C401B01E1ED50389C2382EDBDD05A59A39AFE78FB8BB10E49FF4696AAF702B98AEE0A2AC4857EA330AE133AAFEAAC3B514EFBE2EA4
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?><span>..<doc>.. <assembly>.. <name>System.Buffers</name>.. </assembly>.. <members>.. <member name="T:System.Buffers.ArrayPool`1">.. <summary>Provides a resource pool that enables reusing instances of type <see cref="T[]"></see>.</summary>.. <typeparam name="T">The type of the objects that are in the resource pool.</typeparam>.. </member>.. <member name="M:System.Buffers.ArrayPool`1.#ctor">.. <summary>Initializes a new instance of the <see cref="ArrayPool{T}"></see> class.</summary>.. </member>.. <member name="M:System.Buffers.ArrayPool`1.Create">.. <summary>Creates a new instance of the <see cref="ArrayPool{T}"></see> class.</summary>.. <returns>A new instance of the <see cref="ArrayPool{T}"></see> class.</returns>.. </member>.. <member name="M:System.Buffers.ArrayPool`1.Create(System.Int32,System.Int32)">.. <summary>Creates a new instance of the <see cref="ArrayPool{T}"></see> class using
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):143128
                                                                                                                                                                                                            Entropy (8bit):6.161350840044269
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:Rxi8ae06y7Q0kSutmvEmFk0pBa/+h8k/6kY2F8xB0dhqABtx5yoG9Ql7QUx:P0vDkSutmhFpYqtDqAhjMQlM
                                                                                                                                                                                                            MD5:92E9ED62426DBCE0112800A2BC999B18
                                                                                                                                                                                                            SHA1:F291AC240FD09AEF2A7CBACA294C48F6AF83D426
                                                                                                                                                                                                            SHA-256:84592BE7E0AFF52340162EE074707F08DFBB4365875B84909A3DF82DD4F0EB82
                                                                                                                                                                                                            SHA-512:B69C59C5889126A21C00819E8B48261E2DE3ADEE9E9EF6478EE5F84C1BFBD0C1AFCA71F29F1ADC203E1769E0EC29F847474F6AEE7D5B1E574C7EBC76CD27BDB6
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):13950
                                                                                                                                                                                                            Entropy (8bit):4.749162715500682
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:19SSrAVfjSE0wxiMiLiLiXdCjticiciAiJiziPNjNei5i9zhi+ipOUTJ:1gbXKKXppPmcPi6LmJ
                                                                                                                                                                                                            MD5:ADD19745A43B2515280CE24671863114
                                                                                                                                                                                                            SHA1:CF44E6557FDE93288FF2567A002A69279965CABA
                                                                                                                                                                                                            SHA-256:D5714C96607EB1A9D0F90F57CA194D8A9C3EDE0656A1D1F461E78B209F054813
                                                                                                                                                                                                            SHA-512:8D7E564FA61411B5C28F29B07855DD112687EDCB39B991803C7C7DE67B6894B309102AC9B52409B56B7BB5C9101EB4CDFB21FCFBF5D835E4A153E188CB97CC87
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?><doc>.. <assembly>.. <name>System.Memory</name>.. </assembly>.. <members>.. <member name="T:System.Span`1">.. <typeparam name="T"></typeparam>.. </member>.. <member name="M:System.Span`1.#ctor(`0[])">.. <param name="array"></param>.. </member>.. <member name="M:System.Span`1.#ctor(System.Void*,System.Int32)">.. <param name="pointer"></param>.. <param name="length"></param>.. </member>.. <member name="M:System.Span`1.#ctor(`0[],System.Int32)">.. <param name="array"></param>.. <param name="start"></param>.. </member>.. <member name="M:System.Span`1.#ctor(`0[],System.Int32,System.Int32)">.. <param name="array"></param>.. <param name="start"></param>.. <param name="length"></param>.. </member>.. <member name="M:System.Span`1.Clear">.. .. </member>.. <member name="M:System.Span`1.CopyTo(System.Span{`0})">.. <param name="destination"></param>.. </mem
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):110360
                                                                                                                                                                                                            Entropy (8bit):5.471742610061083
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:HpKSyD3hoE3PQU9xb1iPKHKWU//6hE2rkQQP7QSx:ESyLhZ/X9xb1YKqn/unQPM
                                                                                                                                                                                                            MD5:33039AFCB40C405490C47FB4C068FC18
                                                                                                                                                                                                            SHA1:E3B539B5FF66D68B7B8CEF45E417C1F66069FEE0
                                                                                                                                                                                                            SHA-256:87CA267BD9535ED1A04E12E3007D6D41015FE7E103AF549907F58AFCE643217C
                                                                                                                                                                                                            SHA-512:BEE24BFAF1CE0BD56AEC5AB3BDB1B8EFF986DD0C907FD2E23A8C3AF43D830FF6DADE6E83BAD57C6780E79F1E521F9522F8141D238873B5741DC7683971C81974
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (640), with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):183543
                                                                                                                                                                                                            Entropy (8bit):4.784775080568946
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?><span>..<doc>.. <assembly>.. <name>System.Numerics.Vectors</name>.. </assembly>.. <members>.. <member name="T:System.Numerics.Matrix3x2">.. <summary>Represents a 3x2 matrix.</summary>.. </member>.. <member name="M:System.Numerics.Matrix3x2.#ctor(System.Single,System.Single,System.Single,System.Single,System.Single,System.Single)">.. <summary>Creates a 3x2 matrix from the specified components.</summary>.. <param name="m11">The value to assign to the first element in the first row.</param>.. <param name="m12">The value to assign to the second element in the first row.</param>.. <param name="m21">The value to assign to the first element in the second row.</param>.. <param name="m22">The value to assign to the second element in the second row.</param>.. <param name="m31">The value to assign to the first element in the third row.</param>.. <param name="m32">The value to assign to the second eleme
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):18200
                                                                                                                                                                                                            Entropy (8bit):6.648450282504482
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):14080
                                                                                                                                                                                                            Entropy (8bit):4.739717678047703
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?><doc>.. <assembly>.. <name>System.Runtime.CompilerServices.Unsafe</name>.. </assembly>.. <members>.. <member name="T:System.Runtime.CompilerServices.Unsafe">.. <summary>Contains generic, low-level functionality for manipulating pointers.</summary>.. </member>.. <member name="M:System.Runtime.CompilerServices.Unsafe.Add``1(``0@,System.Int32)">.. <summary>Adds an element offset to the given reference.</summary>.. <param name="source">The reference to add the offset to.</param>.. <param name="elementOffset">The offset to add.</param>.. <typeparam name="T">The type of reference.</typeparam>.. <returns>A new reference that reflects the addition of offset to pointer.</returns>.. </member>.. <member name="M:System.Runtime.CompilerServices.Unsafe.Add``1(``0@,System.IntPtr)">.. <summary>Adds an element offset to the given reference.</summary>.. <param name="source">The reference to add the offs
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):22808
                                                                                                                                                                                                            Entropy (8bit):6.59722848195557
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (541), with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):76981
                                                                                                                                                                                                            Entropy (8bit):4.819464476297391
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>..<doc>.. <assembly>.. <name>System.Runtime.WindowsRuntime</name>.. </assembly>.. <members>.. <member name="T:System.WindowsRuntimeSystemExtensions">.. <summary>Provides extension methods for converting between tasks and Windows Runtime asynchronous actions and operations. </summary>.. </member>.. <member name="M:System.WindowsRuntimeSystemExtensions.AsAsyncAction(System.Threading.Tasks.Task)">.. <summary>Returns a Windows Runtime asynchronous action that represents a started task. </summary>.. <returns>A Windows.Foundation.IAsyncAction instance that represents the started task. </returns>.. <param name="source">The started task. </param>.. <exception cref="T:System.ArgumentNullException">.. <paramref name="source" /> is null. </exception>.. <exception cref="T:System.InvalidOperationException">.. <paramref name="source" /> is an unstarted task. </exception>.. </member>.. <member na
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19736
                                                                                                                                                                                                            Entropy (8bit):6.538195289154972
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):142
                                                                                                                                                                                                            Entropy (8bit):4.391770241438592
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>System.ValueTuple</name>.. </assembly>.. <members>.. </members>..</doc>..
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):50456
                                                                                                                                                                                                            Entropy (8bit):6.21259003479461
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:N3wBccZdxuB8mQen6JxKjrlMZgR0EoO7QLx:pcHmQPUkOM
                                                                                                                                                                                                            MD5:5E4F1D21E43BC48BF8B8B7E9B68DDEAC
                                                                                                                                                                                                            SHA1:122B6CC52699AEE8F6BAC522FCD5C9E97422ACBB
                                                                                                                                                                                                            SHA-256:CFF4E1FFC3F1B69948436B62ED30FA7C03C079A6CE7483EFCFC4D9B5744ABC9B
                                                                                                                                                                                                            SHA-512:E37146A3E16AEF7CCB90F8B50B3A83FD9BBCE171C5CCC23B9F26252D586593F330E61D8537807A2AB98CE6BC746B0DB66CFDED1934CF5A576E907F0E54C06011
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):62128
                                                                                                                                                                                                            Entropy (8bit):4.529932548825407
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:2y80yatyXMOX0lrNyzEYIFu8cKy5BYAeu:MsY
                                                                                                                                                                                                            MD5:F70AEFF5A0E73BBA854A66ED6F0F5340
                                                                                                                                                                                                            SHA1:5669C580408931021A39CFE0563771CBED623670
                                                                                                                                                                                                            SHA-256:9608C07302EFF914A866DC5D416A8816FE9B28DF62EDF6D9C28F79A0236824F4
                                                                                                                                                                                                            SHA-512:95B076A38E3F320CC16F4AE31FB76CFE3FC378A7EB33ECE9F1FA83D7281CBA72D8BBCBADE2C1476793351B0C19CE8851A192FD42E3E3554402011E9FDC024BE7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>System.Windows.Interactivity</name>.. </assembly>.. <members>.. <member name="T:System.Windows.Interactivity.AttachableCollection`1">.. <summary>.. Represents a collection of IAttachedObject with a shared AssociatedObject and provides change notifications to its contents when that AssociatedObject changes... </summary>.. </member>.. <member name="T:System.Windows.Interactivity.IAttachedObject">.. <summary>.. An interface for an object that can be attached to another object... </summary>.. </member>.. <member name="M:System.Windows.Interactivity.IAttachedObject.Attach(System.Windows.DependencyObject)">.. <summary>.. Attaches to the specified object... </summary>.. <param name="dependencyObject">The object to attach to.</param>.. </member>.. <member name="M:System.Wi
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):24064
                                                                                                                                                                                                            Entropy (8bit):5.436377150873873
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:nOeNiCPJ8d//4CMSKtmVbFhFMTuzO3zoVOgvevU3+uARkArvLU8Wyt:/x8d/i49z7cgWvwARkwvLU8
                                                                                                                                                                                                            MD5:D0854E8DB0D1AFBDAB9CEDB8464561A7
                                                                                                                                                                                                            SHA1:7550E1257E2D243AC0A12439D2A55C74718753D4
                                                                                                                                                                                                            SHA-256:363DC1FDC0C50618C9049F87BF6E2C6EB9D9CE4AC08960373BF778EF854D78AD
                                                                                                                                                                                                            SHA-512:CAF5CB38121FE12A560CEBE4E1AC3266AEFB3C7AB0635EFF26D1AB7DE8CD349F52CB8F9FD4F8E05CF6E496FF07083961881517298FF80A07691B22EF2B317A3D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):5773312
                                                                                                                                                                                                            Entropy (8bit):5.68640191645299
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:OVINVwJzGKybK12T5yb9ksyZWPsADcn0XjOTQVm8fGwoAIMHFqG:/NVwJzVSs+Wp4xyD
                                                                                                                                                                                                            MD5:2B71864142900544334292C45C9A9A21
                                                                                                                                                                                                            SHA1:763865F2163F8B3A294BB156D1E36B9E73A9EBAB
                                                                                                                                                                                                            SHA-256:94687C2812CD4B0DF1F93C3D083BAA730CAB07E9D9C3931FA6557C808BCEF49B
                                                                                                                                                                                                            SHA-512:DD73C7832A2B43774D18A83AC08CEE5A6F7D76F870A98A344B3FDD1DE61CD9B7362D31009F443592F138EFFB9ED7CDD9E4F8A7282C699B7AF3F434ABE74F215E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):174080
                                                                                                                                                                                                            Entropy (8bit):4.838714488862786
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:BXlu9HOsrxLLC581nfkhTf85SfD/8E8pMyF2fIK2E3ZMrf/GXTdXg7A/w:b41x7v54sMyov2+Mrf/GXKA
                                                                                                                                                                                                            MD5:6AEB1C3E0470912D776EF79DC180AEF6
                                                                                                                                                                                                            SHA1:C35A83124548142B7AF868166EEB9B9A8DEDCA03
                                                                                                                                                                                                            SHA-256:249D4EBDCB399002F7B6DCB50384AD0DF3AB6A7CF7087161EDA4E43052128E6D
                                                                                                                                                                                                            SHA-512:3AA0D6D8BFB0788353A85E5C0F88B0D0B0CD80F200C78932D8BD4FCF0711EF6577F9C3F4036BB88A4EC7BCF58ED2C4A48FC003324B47A0FAB51E2A1B73436DE4
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):103704
                                                                                                                                                                                                            Entropy (8bit):6.283371933462689
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:OZGfW5mvu8DC4AiyZAZIJjAgyzjeIcKNVT7VuWCbwt2Ezg7QIxO:OZGfNu8DyZAZwWtpVT7VVdgYgMp
                                                                                                                                                                                                            MD5:ACB8F45DB96CD7C2AB0DE33115F5BDFF
                                                                                                                                                                                                            SHA1:3176E469C11EA3207F8AEC2BD0BBFF761F4866E8
                                                                                                                                                                                                            SHA-256:BDACB6508286E644222CB44DCCAF51BC9210AFF80529706CB7B8EDFEBF53AE61
                                                                                                                                                                                                            SHA-512:E47B6C41068B6F16374E56FCD577370812E57D548354AD11346D351D4AB7EBA6A245F5F211FE47945DF43C73B67A9F1E4D920C85CBAD2FF3DC3D95886622B1A2
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Microsoft Roslyn C# debugging symbols version 1.0
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):28012
                                                                                                                                                                                                            Entropy (8bit):5.07766090155697
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:UnhIrxUN3RhP+UVpi+L2P2lxX2rzELJRDXPn1F4da24Ui0o92d2zPSuWaK9cww0H:txwnPJL5JL4Dih9KWK9cww0oUZ
                                                                                                                                                                                                            MD5:9F580CA88DB263A3BDB75D40EE88C8B8
                                                                                                                                                                                                            SHA1:73F47B6B2A04525C8DA776A746933EE8F02E3845
                                                                                                                                                                                                            SHA-256:E0387871E704D9402196F786ED697F87FB63267BDCB142829E02CC1C3F548275
                                                                                                                                                                                                            SHA-512:2839625305CF2375C281C60E86694263AF151F5CDA311624C019A76207543B1A1E9AB91C5D70AB50A151DA52BEEC7225D887C5AA748E4B964271CB8F63C9B681
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):10752
                                                                                                                                                                                                            Entropy (8bit):4.756472052670044
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:MGzDcHtDpvhpzcPWg3TUHfBo+6IhF0DY2ACkVtW/lRODhQkBp3ySNUt4LUTsVB6j:M3HtDpvhpz03TafBo+6IhF0DY2ACkVlk
                                                                                                                                                                                                            MD5:742FAA100BAC5ED77490CC84EDC1F7CD
                                                                                                                                                                                                            SHA1:A9EAEFC888393EBE225D185943C8F96CD76D6CCB
                                                                                                                                                                                                            SHA-256:63DF6824DC2E3B89E9EC6B715C3003A5897B0D9922DA5C15E89C7C775076D819
                                                                                                                                                                                                            SHA-512:8744657359041C78161E3CC51497D26A30E1C46F5222764EC1376EBAC0E9602F98B7E7E7B94047F4F3CEC320A6726B352386AF2B4AA704AE4D9788C3EAAAFACC
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):11264
                                                                                                                                                                                                            Entropy (8bit):4.613368878737462
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:rN1vttjc+uAS57xu3e5auZJWzE4idhleNjqi4oqTJVnt1JhRw0BVVSr:rbvH0uzE4UhYjqi4/d/RPBWr
                                                                                                                                                                                                            MD5:960EE61E268C24D30510849023D8A6B3
                                                                                                                                                                                                            SHA1:69F4BDA11582E5162C8BE194D826E66B847337B0
                                                                                                                                                                                                            SHA-256:9D08321232937B3B2401CE0C77F26DBCACEA713A8CAA4010F4B587D409BB5683
                                                                                                                                                                                                            SHA-512:1DCFBC1D5735D1CF060B6FBA0BBAB3394D383CA7418718284C7D6F4BAC373F63284BC8CC69FBAD36842D5336013E370550885BBB58F90DD3CCA51517A1A31C65
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):39192
                                                                                                                                                                                                            Entropy (8bit):5.110534898045065
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:F+ZpbHSTTUa8x+qvvIojhPYiQQdWAMxkE+:F+Zpb8T2x+CvP7Q2kxS
                                                                                                                                                                                                            MD5:7255C069B24F4ACAFC2E61A2775DA171
                                                                                                                                                                                                            SHA1:7B633E432CD852BA3F3C4F873BA5B4F68E6C2A39
                                                                                                                                                                                                            SHA-256:913AE5CB8D08C7280A995BDE388C22069949631F20A2B9AC5E086BD676E1CB55
                                                                                                                                                                                                            SHA-512:7E688EA98BD2A3EBB1F7054587D041D2B87E66B6DB53F7E4170669818E64D3D36779594432780177826A216F89DF106165448CD5CDEE1B420C54896E9A2F3065
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):389
                                                                                                                                                                                                            Entropy (8bit):4.731905128310357
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:UYZI36ofqq2NpJXRRdNpVBfHU/iKz6J7z:UYS9qDNrXZNaTzon
                                                                                                                                                                                                            MD5:5F8CB8F1EC254CD5617741E89BC7569A
                                                                                                                                                                                                            SHA1:818A4674AF8BC1713B37CE0A28EAFB14EE6CC29F
                                                                                                                                                                                                            SHA-256:3A3B2CD2FFB3C5554D4828EB695B00AD5E7D1B2EC99D2FD2D10C19BD01AA50D0
                                                                                                                                                                                                            SHA-512:A919EDF9765384F2FC4567F1F1DC34E10B63109EC6748E969BA8D50B86809909CB0F87846E9A6005477C32122D2B8DE4A7EFEB1F1CBABE09ED84B654E5BCB028
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:{.. "General": {.. "MinimizeUponConnection": false,.. "RunOnStartUp": false,.. "ShowTutortialUponConnection": true.. },.. "Conference": {.. "ConnectByomAutomatically": false,.. "UseInRoomMicrophoneAutomatically": false,.. "IsStreamingFhdVideo": true.. },.. "Test": {.. "IsEnableEchoCancelling": false.. },.. "Misc": {.. "IsShowOnNextDisconnect": true.. }..}
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1435
                                                                                                                                                                                                            Entropy (8bit):5.168514160976156
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:CBc6mGOPDSgJaX7Blu7BW7BFXli/3g/EuzU/OVdEisHROVyOpX:0VgQX7Blu7BW7BFXg3g/EhAXnx
                                                                                                                                                                                                            MD5:9A11812CD3236C4E308130B537534745
                                                                                                                                                                                                            SHA1:26C6225474A25FB9C644CF78D4A7CB87D1E04AA2
                                                                                                                                                                                                            SHA-256:7CBF8C34EBF0318B37AA0ED06FA51BBB07F1F8C2BF4C1B07CAFE733A5D6E58DB
                                                                                                                                                                                                            SHA-512:5BCB6FD583828941F95B267742A82CCA602ADABF36D775F850D50336296EB6144FA1E7BAF29E3A3D9ED043A6BD7A605B1E1650C8D2EBC60F253057293D42C512
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:@echo off....setlocal....set "DriverInfFile=vacscbkd.inf"..set "DeviceHwId=ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5"..set "DeviceInstId=Root\{aafa5613-1d56-4309-9c3a-c3911d766be5}\0000"....set Mode=....if /i "%1" == "install" set Mode=install..if /i "%1" == "remove" set Mode=remove....if "%Mode%" == "" (.... echo Parameter 1 must be "install" or "remove".. pause.. exit /b 1....)....if /i "%PROCESSOR_ARCHITECTURE%" == "x86" (.... set ProcDir=x86....) else if /i "%PROCESSOR_ARCHITECTURE%" == "AMD64" (.... set ProcDir=x64....) else (.... echo Unsupported architechture %PROCESSOR_ARCHITECTURE%.. pause.. exit /b 1....)....for /f "tokens=2 delims=[]" %%S in ('ver') do (.... for /f "tokens=2-5 delims=. " %%A in ("%%S") do (.... set /a Ver1=%%A.. set /a Ver2=%%B.. set /a Ver3=%%C.. rem set /a Ver4=%%D.... )....)....set InfFileSfx=....if %Ver1% LEQ 6 set InfFileSfx=6x....for %%F in ("%DriverInfFile%") do set DriverInfFile=%%~nF%InfFileSfx%%%~xF....if "%M
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):11466
                                                                                                                                                                                                            Entropy (8bit):7.156043451841546
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:f+nOiAfy+mtbJCwOngEw9JPgXkhYCbYp80Hy5qnajWSu703oQ:2JvbrquLh3bYpslIA39
                                                                                                                                                                                                            MD5:5FAA07BCF94E9633F2AE5E688C7EA6A3
                                                                                                                                                                                                            SHA1:ACBD43137133162385D73970445ED89258EEC687
                                                                                                                                                                                                            SHA-256:F4E28994F1A986261BBAE5838F75E52642A5C70E50D28990E250769548B25D97
                                                                                                                                                                                                            SHA-512:1BD7E45A0B3611A8297D49F8D70A2D46ED07BDD5B003796F90D78B9A4FCE8BD14DD088DC7CADB8ED41F0C21DFA8D372AAB2A291D875262DD16B343A106C35424
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2927
                                                                                                                                                                                                            Entropy (8bit):5.065256670569242
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:fzlab2Qb2ncb25AMPHwuTHYH9ewl9P8uPtS+iSFEY0dPFi+8PBDx:LtNnhZSkFwPBt
                                                                                                                                                                                                            MD5:E5EDB842967CD25E6B490ED05764A2AD
                                                                                                                                                                                                            SHA1:F4EACF18194D422B203904A058FD21A6A456F2B8
                                                                                                                                                                                                            SHA-256:041B83489E80678F5571825B0D0F9BB310F51658C7ACA4AC068CBB07B5EE16FF
                                                                                                                                                                                                            SHA-512:B1AB11A0A10DC1985AD510A4D873181BB28ECEECF414A255A8E895FB3B2BA72A232C0B54F4A71F26CE33CDDEAEBC999B522808F7DFA6CF3ED2BA0B4534C53BC0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:[Version]....Signature = "$WINDOWS NT$"..Class = MEDIA..Provider = %VendorName%..ClassGUID = {4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer = 06/28/2021, 4.65.3.11864..CatalogFile = vacscbkd.cat........[Manufacturer]....%VendorName% = DevSection, NTx86, NTamd64........[DevSection.NTx86]....%DeviceName% = DevInst, %HardwareId%........[DevSection.NTamd64]....%DeviceName% = DevInst, %HardwareId%........[DevInst.NT]....Include = ks.inf, wdmaudio.inf..Needs = KS.Registration, WDMAUDIO.Registration..CopyFiles = DevInst.DriverModules..AddReg = DevInst.AddReg..AddProperty = DevInst.Properties........;#####################################################################..;..; Services..; ========..;..;#####################################################################........[DevInst.NT.Services]....AddService = %ServiceId%, 0x2, SrvInstSection........[SrvInstSection]....DisplayName = %ServiceName%..ServiceType = %SERVICE_KERNEL_DRIVER%..StartType = %SERVICE_DEMAND_START%..ErrorControl = %
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):12070
                                                                                                                                                                                                            Entropy (8bit):7.445862467348569
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:Ctm9UMQVMeKazCKVHGzex+0bUVEVFJ84kcGNq4/C+Q3ISVSWMZMQ3Gr:CNMQJK2CKVjd4VEVFJ8ZcGwGBk7/UMQC
                                                                                                                                                                                                            MD5:D9A4012E567137C10A49105EEB869A7C
                                                                                                                                                                                                            SHA1:C04F6D600714465CC8BB341B76DC6B54235DF1AF
                                                                                                                                                                                                            SHA-256:BCA872DAC035899B85BF2603EFCC3B991273BD318958669B288481558BBF639E
                                                                                                                                                                                                            SHA-512:FBAADB1F872EB6829A07A593C5BDE7E5EC92EDE1E5BEC1BE560E3A3A81766E7BF0401CDF1761DF927705FF2414438CD8948767D7B73AC5A9B817361611351D11
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2929
                                                                                                                                                                                                            Entropy (8bit):5.067041406210606
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:fzlob2Qb2ncb25AMPHwuTHYH9ewl9P8uPtS+iSFEY0dPFi+8PBDx:LzNnhZSkFwPBt
                                                                                                                                                                                                            MD5:6212516D36440F07C9243B71676D20FE
                                                                                                                                                                                                            SHA1:70AF4C343A34E12EF0BB27578986B47CB2244886
                                                                                                                                                                                                            SHA-256:74B1946B6D24BB98433C0ED840E96A0D2E6256EDC77F6F5ED8F1A32AB4F2B923
                                                                                                                                                                                                            SHA-512:AF1C53DF4B53F7E5E0B980EB03C4FE2E03DB75413C92AA09369BA66CE3BB2586241259119E8CF2E0BFFCC8CDD7DDA8DE00979DBA6EFE040115DB943C68B752CE
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:[Version]....Signature = "$WINDOWS NT$"..Class = MEDIA..Provider = %VendorName%..ClassGUID = {4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer = 06/28/2021, 4.65.3.11864..CatalogFile = vacscbkd6x.cat........[Manufacturer]....%VendorName% = DevSection, NTx86, NTamd64........[DevSection.NTx86]....%DeviceName% = DevInst, %HardwareId%........[DevSection.NTamd64]....%DeviceName% = DevInst, %HardwareId%........[DevInst.NT]....Include = ks.inf, wdmaudio.inf..Needs = KS.Registration, WDMAUDIO.Registration..CopyFiles = DevInst.DriverModules..AddReg = DevInst.AddReg..AddProperty = DevInst.Properties........;#####################################################################..;..; Services..; ========..;..;#####################################################################........[DevInst.NT.Services]....AddService = %ServiceId%, 0x2, SrvInstSection........[SrvInstSection]....DisplayName = %ServiceName%..ServiceType = %SERVICE_KERNEL_DRIVER%..StartType = %SERVICE_DEMAND_START%..ErrorControl =
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):159256
                                                                                                                                                                                                            Entropy (8bit):5.095731794917183
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:q3e0hSHF6Kh0CDfaWEfp7lmpIitRlPxJCTO:0h1C0XWEf1lmBx
                                                                                                                                                                                                            MD5:C739572A81F02471F60598D5439B36C8
                                                                                                                                                                                                            SHA1:527CA671114B9DAFAD2888E251DDA19447E7FD48
                                                                                                                                                                                                            SHA-256:AE745B0D02A48D4AE286C962C7431CDA85996C920649B4F7DEB6EE0DAE94298A
                                                                                                                                                                                                            SHA-512:C27442140CA63CB43AF991E47F2CFB5FCDBB5738340BEFBEBF96FB8B5B4D1E13E26D4A3A0102A5C40D9EA5D3BFC728AC3F4198BED5592BC7746119C7DEC6DDBF
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):210968
                                                                                                                                                                                                            Entropy (8bit):5.616528067156737
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:bwgplQDijxOrw3gPBA4nJPuneHoTx8ddqy6u7dGxYs7iBz:RpODMOMUnInD+CtusSz
                                                                                                                                                                                                            MD5:963E174D5F1AC1E4773D3B42D92DD4B4
                                                                                                                                                                                                            SHA1:A6A045AEF56C670C3B5E6801C69B93E9EAF13B69
                                                                                                                                                                                                            SHA-256:9093C10A10F1019BB24506C417AE178CFE81BF890337DF753A7ADB2B24DD74D0
                                                                                                                                                                                                            SHA-512:39B7D6CF123032B593C1B3AA6A88E5B3C4301EA1135D96F21F66DDE964DD5D72D5C44F0C91C5378B32851B53D70A27C79F45A5D8834EB1EFB4ADC863CD012A11
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):143896
                                                                                                                                                                                                            Entropy (8bit):5.183132927402597
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:8oVk8cejy3zGDq9CwW5t1pNwLxZHCIdVO:I8+DQZwLxFC
                                                                                                                                                                                                            MD5:CA8DC992F8F4EEEAB22E518C11993C93
                                                                                                                                                                                                            SHA1:BADEAC70BCC6AAE812EFE2D5C21FD7A2DA1710EC
                                                                                                                                                                                                            SHA-256:E8720BB51C825626C5F3CB184123A8F2CBA2B27408AC7E3624501A42EA18EA98
                                                                                                                                                                                                            SHA-512:80BE89F148753B29ADF5D5AE9D122CF9953192E4C84CC6A9471CD312E1C6A8B3759156FB602843AF15672BE596F24A133DC19B15893DD3C08A64E7BAD32014B9
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):178192
                                                                                                                                                                                                            Entropy (8bit):5.70956700996967
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:221LC++3tKrQesPZVJe2H5u3bJWllFYoDSo2R/UHKnVwmo3m:H+MrQeOwJQFyo6UHKnVO3m
                                                                                                                                                                                                            MD5:72408521FCA0A5A39FC102C5AC66E362
                                                                                                                                                                                                            SHA1:B4BD8388DAC3E7970B2BF2E9F305E8802CB81856
                                                                                                                                                                                                            SHA-256:4FE88E24FA50D5870BCBAB4DBE70ADA6B280682FA17DAB008610465DDA4D58E7
                                                                                                                                                                                                            SHA-512:A6FC2BC20A3E8DF7BB31A6D3CBC0CEE4869E9179DCC5D78600C2893F24C5936226F4AAE863FBC3A83537B4C69BA1A26BDFB1239D365C741C9E59B4C1EF911536
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):31144
                                                                                                                                                                                                            Entropy (8bit):6.45005930112513
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:0mnmSRBRQWj2jdkYpCMmzydjmNsc2pSTVEV3GPkj3UZ:HB7QKFGjmNsLITOEMK
                                                                                                                                                                                                            MD5:5F85D1A6148263FA5B0F68368840E644
                                                                                                                                                                                                            SHA1:890EF23C2592441AEEE5E54EDA628E25215F67B6
                                                                                                                                                                                                            SHA-256:E7DACEF5ECC8289199FFFCFB6859EA6BC308C602DAA24684BCB3D6D9FDF9919C
                                                                                                                                                                                                            SHA-512:7E491C0CC3EC1682D41BFB76C4FC10473F1D9F800BA7519C1DD1AFD8186DDD845ECCDE87F170A545A27D80AF4BA6AA2FA8FBD07D34256D2D7E54696CCA8BD091
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):28584
                                                                                                                                                                                                            Entropy (8bit):6.610450236402353
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:+CgU5TxIr4qwCedA/u2EnHvs1vJMQJK2CKV48VEVFJ8ZcGwGBk7/UMQ3W:+QFI0qwCedB/HvsA2pxVEV3GPkjf
                                                                                                                                                                                                            MD5:10992B9F2436DE3DDF8B2E0AFD1040A0
                                                                                                                                                                                                            SHA1:C9EFA7BADB2B1ABEB84586F47512F1649D8E8CF0
                                                                                                                                                                                                            SHA-256:C5F1F14908488AA50D0584B1432386A838AA94117B7E16C1545FB158B1425522
                                                                                                                                                                                                            SHA-512:18F9EE23094D2356ED0736D2DA05CA6B2D6C8F1E562194A6431A4453456A0C4C7A0E6A9A09786C9ED8F44144BAC2BDDDD908F087F174B4054FCE1F1B916CE5E3
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):96092
                                                                                                                                                                                                            Entropy (8bit):5.125892289083072
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:qsgbCfsZDFVc0P8ad2o1x3osI1vNjlvcwAZ3V2mN6y+DR7I7QQoNXtBxXYco9XFm:qs+ZD/yIIAZwrbE0
                                                                                                                                                                                                            MD5:3A84C8EADA945F4F7F041BC4BCD49F11
                                                                                                                                                                                                            SHA1:F50F5FA1589371F29C4B195EFCB82D2DC2DFE18B
                                                                                                                                                                                                            SHA-256:B83EE69EEA4EF9D0DB9E1A5214BFEF7295776BB1B6E007ECC021BAFF401032DF
                                                                                                                                                                                                            SHA-512:C1C7F5B176CCB574B2C67F8ABA63ABC7212ED592C35C45603AAEC6761176AF129691C9467A1DF8D86EEAFEF650335CC997686A024901BFFCA001CC7A2C186E57
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):18712
                                                                                                                                                                                                            Entropy (8bit):6.763927590310724
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:WTrw7JCe+uOEGK4nghz4lIYiQ3YxrUAM+o/8E9VF0NySST:U8FH+OJYiQtAMxkExT
                                                                                                                                                                                                            MD5:2BB7BB9C7AE34B04D17B640B155435C4
                                                                                                                                                                                                            SHA1:2A4E6914897368D43969DBC56E011BC838295299
                                                                                                                                                                                                            SHA-256:6935FC9F4DA82D0A4C055E6FB658243F2BD172392FBB987E450A62F52C54058F
                                                                                                                                                                                                            SHA-512:3A1609F24B98AE9C8A47B414107D8D4E489BA70AFF717D9C8305C080263C91527696E7845560FD7A0D056B86A61720017E86038B86B446BDF6ED2DA4ECF995CF
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.852720305698483
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:0N9VWhX3WBIYiQ3Xn5AM+o/8E9VF0NyJqR:YG7YiQn5AMxkE
                                                                                                                                                                                                            MD5:D9B35311DF479CAA8AA1F38F4F31AB4A
                                                                                                                                                                                                            SHA1:F033AD08AF638B47146B1B8428CA9043E4189394
                                                                                                                                                                                                            SHA-256:25036A2ADEC604629F1BE7B48B91C5BB86EC62747992B056FC00F697D666CF43
                                                                                                                                                                                                            SHA-512:CB3DD9D2043A62584112EC6DDF73D55C1BED838A69ADFF3161EE0A2D4B48007DFCE7559965190A961C0CC28B6EA142DB5DB4BE847DC121239B92B8B8979F0A3E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1470
                                                                                                                                                                                                            Entropy (8bit):4.90143896769124
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:JdNQjY88lsfEoKaQe1W04pyaMMW04FzMSMpbP3KabFx2ldnD2cc/Or:3b8ewngpXMzFzMSMdvClJ7r
                                                                                                                                                                                                            MD5:0ECA7C05DCB6880312350E079D1CDA3E
                                                                                                                                                                                                            SHA1:EFFC35AB59077DC1885443C5BB1FDE798CBBBEAC
                                                                                                                                                                                                            SHA-256:497C6FD5714049D34FDA34066F2B877D5CA5EBEEC2CE956821055BEF29187C47
                                                                                                                                                                                                            SHA-512:1E21B44F85DD65EEB273BA2DB2C2827F87D99B588293ECA5493D4647ECE0C1A968E0CAF2DECD289C32CB068458A7F95F125B4CF687EDA31AB84B568B4AED6E11
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8" ?>..<nlog xmlns="http://www.nlog-project.org/schemas/NLog.xsd".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. globalThreshold="On".. autoReload="true".. throwExceptions="false">.... <variable name="appName" value="ScreenBeam Conference Service" />.... <targets async="true">.. <target xsi:type="File".. name="default".. layout="${longdate} - ${level:uppercase=true}: ${message}${onexception:${newline}EXCEPTION\: ${exception:format=ToString}}".. fileName="${specialfolder:LocalApplicationData}\${appName}\Logs\${appName}_${shortdate}.log".. keepFileOpen="false".. archiveFileName="${specialfolder:LocalApplicationData}\${appName}\Logs\${appName}_${shortdate}.{##}.log".. archiveNumbering="Sequence".. archiveEvery="Day".. maxArchiveFiles="30".. />.... <target name="debugger".. xsi:type="Debugger"..
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):877336
                                                                                                                                                                                                            Entropy (8bit):6.063763326515151
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:o9RFbNhtvN5FtwfJH1h1S3sg6U/qxurzEZWgb4s6swKbUsQD:o9RFbNhtvN5FtwfHHUwRL96sw6UsQD
                                                                                                                                                                                                            MD5:8DDE3F8335ED6EF60A81116DF82FD43E
                                                                                                                                                                                                            SHA1:3D763DD2D89CEB76294149691B3D939ADBDFE900
                                                                                                                                                                                                            SHA-256:7B47C5C2F17BCC5CE6CD06A2C506BA4DB6B4BDAF71D9196AAB19B2AD2171DC7E
                                                                                                                                                                                                            SHA-512:7AE5602D9E7B5D76F978E6ADFA38D4F0AAE348309A326141633FE349DD7C76FDF86284360AFBDBF68A8215BAF7338268AA191DC090DCA16238E89EBEEB990276
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines (385), with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1645140
                                                                                                                                                                                                            Entropy (8bit):4.575621274286417
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:3bDXjSkpsv6ZrgFFG3WeA32lxC78ZaRIHp8TEKcQonqDhIrMBc+6z+beKX:PJe5eyEKT
                                                                                                                                                                                                            MD5:33F4C5EAE89E721F97931787B2CC53ED
                                                                                                                                                                                                            SHA1:A94DF5F3B256C2871D75443777A2EF13F5442D73
                                                                                                                                                                                                            SHA-256:5F67CA9E5B26279BF3E52F4DDDCE531E819633163A82E6811FFCE1725369963F
                                                                                                                                                                                                            SHA-512:CAC58C2E0BB42029F40E4DC16ED8EA02C54B686370D15F75A24894FE82DA61041B61B01A5312974D1BDFAE58FEDD1B452FDBA4DFE2970CACF8D5753BB4F42556
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>NLog</name>.. </assembly>.. <members>.. <member name="T:JetBrains.Annotations.CanBeNullAttribute">.. <summary>.. Indicates that the value of the marked element could be <c>null</c> sometimes,.. so the check for <c>null</c> is necessary before its usage... </summary>.. <example><code>.. [CanBeNull] object Test() => null;.. .. void UseTest() {.. var p = Test();.. var s = p.ToString(); // Warning: Possible 'System.NullReferenceException'.. }.. </code></example>.. </member>.. <member name="T:JetBrains.Annotations.NotNullAttribute">.. <summary>.. Indicates that the value of the marked element could never be <c>null</c>... </summary>.. <example><code>.. [NotNull] object Foo() {.. return null; // Warning: P
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):55064
                                                                                                                                                                                                            Entropy (8bit):6.490110552698265
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:DKrpaZ6u4qDPfGh8sDv/QmbPsFaoDYgI7Qlx:DKrpaZd4qDPfG3DQmPhoDYgIM
                                                                                                                                                                                                            MD5:96C4EABB0E30391A65763F66415354F2
                                                                                                                                                                                                            SHA1:45C2A3B4042328A9401EC95F0A96F113959A9CDB
                                                                                                                                                                                                            SHA-256:BF4444BFB6E201D2EB315F5EAAAC617041127366EF1FBD7D20E153620225B267
                                                                                                                                                                                                            SHA-512:071EE7D079AC0FA5D3ACADC53FC82BF433FFFA592BB6514B8E7C34AF18C9B69E20A00E26DF4632955AE1CE5BCE42974DB63E5173CB2CD8CA452100F10BAD5562
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:MSVC program database ver 7.00, 512*75 bytes
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):38400
                                                                                                                                                                                                            Entropy (8bit):3.097681309335531
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:CwFyFr8sKK8PuuN/qtMfrdAU8sKH8Pu1dL:CwFyFr8sKpPua/xdR8sKcPu1d
                                                                                                                                                                                                            MD5:EE633CA4D9B35855BBE69FE010669F1D
                                                                                                                                                                                                            SHA1:174460DC05E7272F4D7EED7457067849E60DB4F4
                                                                                                                                                                                                            SHA-256:F3F3104207128C7DC15F0CFD00A3F7A0E4DCE8C3F3AF49EC34D8B4797CEE9E4C
                                                                                                                                                                                                            SHA-512:9EAEF0A16F144CEC11B0BDE9297C6BE994A4E2BC9CF5C266B913E5F21CE613B2B1034E7C29001B84971B42B3CE2B316288534625898CF36ED3E3F9E975010FEA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):68376
                                                                                                                                                                                                            Entropy (8bit):6.406572056711903
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:8n7FkdvcVdZFwr/hzj446efotiQhl62fvHFM77Fs7lvx2yr27Q2Wbx:ZkGcCfbQhY2H0C7lvxp2M
                                                                                                                                                                                                            MD5:1F336B4C38C3F5F2A9049BEBC2FFD41F
                                                                                                                                                                                                            SHA1:05BF5D1C9C7B551572D0C679DA5C5CEC42FCEBB1
                                                                                                                                                                                                            SHA-256:23E0FC608637D1C493381DA16632034D21C70F88F1FD70EBED98E79F6835D6E4
                                                                                                                                                                                                            SHA-512:7D8D729A4899AD34B8A74B746C3AB03C464B3C03D84F812A2CAC8008D737A0C50A92808830935FC55B9839B40848ED11357C2FA8D5121CD86EBBBB49CCD8A5EE
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):20025
                                                                                                                                                                                                            Entropy (8bit):4.982975960150322
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:hr4ojlKyuWEH+3HGReGWeGFuGgeKCUDuTeHOTu0U5e3eTOaUmS0SXStuKhubUfSL:hr4oB53mPUDCTHffI3
                                                                                                                                                                                                            MD5:51761DEEA245E324DC8A3BD88B37C929
                                                                                                                                                                                                            SHA1:70BEB9E6155395D90A96366BE1BA4B3FF49562A5
                                                                                                                                                                                                            SHA-256:5B1A1ED1F20C95E0C5AE12DECAD909256F1247285290848F95D4425D4ACA317D
                                                                                                                                                                                                            SHA-512:5F1EF64B9D8935DDB838AE9EC0A2CB6C5908B21A395135621DD7D0E82F02C6B6D0830F46B5073F92A6C59B67B0F3BCBE580405D00D21EC804D879BF79BBECFBA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />.. </startup>.. <system.serviceModel>.. <services>.. <service name="SBConference.Service.Service">.. <endpoint address="Service" binding="netTcpBinding" contract="SBConference.Common.IService" />.. <host>.. <baseAddresses>.. <add baseAddress="net.tcp://localhost:16669" />.. </baseAddresses>.. </host>.. </service>.. </services>.. <behaviors>.. <serviceBehaviors>.. <behavior>.. This should be false in production systems -->.. <serviceDebug includeExceptionDetailInFaults="true" />.. </behavior>.. </serviceBehaviors>.. </behaviors>.. <diagnostics>.. <messageLogging logEntireMessage="true".. logMessagesAtTransportLevel="true" />.. </diagnostics>-->.. </system.serviceModel>.. <system.diagnost
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:MSVC program database ver 7.00, 512*131 bytes
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):67072
                                                                                                                                                                                                            Entropy (8bit):3.486225836795622
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:ZpUCU7Rgu4iTcKPzBC6Jr+0ZOpj2oFcRgu4iTcK4cDF:kV7l+QOt2oFJiF
                                                                                                                                                                                                            MD5:C547D45434E0F8F9112DBBDDAB020B38
                                                                                                                                                                                                            SHA1:74681395C632E69B66DF2CFF0CD0B0828E936C09
                                                                                                                                                                                                            SHA-256:6DAEF5CEBC27EA9779CB58250B4D5B36BAC74C04062E52B1638429D301DE2512
                                                                                                                                                                                                            SHA-512:16F65DEE05733C3462B0D0A48F9C3A9E087A37189BE5E207F7C59826B36974CE873342F37721C711D3785A50C813DF3A664A4278B72213A6FEF5FE1D412F7F1E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.8181372267055975
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:MDNxWQFWAIYiQ3VArAM+o/8E9VF0NyzkT:MDNVSYiQGrAMxkE6T
                                                                                                                                                                                                            MD5:1A1DCE27807D519F878874074CCC3ECA
                                                                                                                                                                                                            SHA1:1A6471253668A71EFB78B804B161A26EAB1B7B55
                                                                                                                                                                                                            SHA-256:8A453AC62FA7FF2625E2C8B91B1AFCEB27908AF84DEA1FBF0E416B92A4BC298F
                                                                                                                                                                                                            SHA-512:0780370F38590A11447A19D7F89923A9A1E9BE310E2B83237588CD27BD2D2EF9E147B9A55D91A4E2947E579C6F9201286E8E8FE1C36A968B2670EE4261BBEEBD
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.915895135077201
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:bm2igOWnW8rWeIYiQ3eQAM+o/8E9VF0Nyh:LtSYiQPAMxkE
                                                                                                                                                                                                            MD5:791CE3DFB3082DF17146D0EE55B1F4DB
                                                                                                                                                                                                            SHA1:44A561CF6A3D183F2545C2BDB4D9AC8ABE296EA4
                                                                                                                                                                                                            SHA-256:DD2C76561229CBC995DEDF11F77E7A59E6BD51C7EF72F71F79A4C34274AD451F
                                                                                                                                                                                                            SHA-512:C0D91DACF15DD46E71A4D246899C7441D8FE8EEAB724E81821572189C6681D73FB5D077152EF9898E9EC3BA3404969FDCFA53D3F9C071F79699C8412AD3ED03D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.906747169924331
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:Jnapn1iwwPWcGW3IYiQ3IZAM+o/8E9VF0Ny4U:ADugYiQSAMxkEd
                                                                                                                                                                                                            MD5:38C965A343FB9627E7B96900BE2F4B4A
                                                                                                                                                                                                            SHA1:578041E11C4E25D8079A3476A68A7E3AB0F20AC3
                                                                                                                                                                                                            SHA-256:EBC6FC6FDAAA621B6850E11A6D3C06E3344980DD2C90BA36CBC568153F7DD067
                                                                                                                                                                                                            SHA-512:81FB6816CDF5DF2589489116B97300C265700302B910BC5E86E43D7DE171B2BE9ED6D78D8ED0F67C5BD41B57401BFA3F4DA3074849A778430B8025B38C799590
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.9106455036425
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:pHLaEav5aaUa6arWVLWOIYiQ3yDAM+o/8E9VF0Nyic:MPv5t/NOyYiQWAMxkEr
                                                                                                                                                                                                            MD5:6AB76980B8A2361220E0A46129F2D79A
                                                                                                                                                                                                            SHA1:389118C7D922BFBE3AE9ED2216242B78E952A210
                                                                                                                                                                                                            SHA-256:158E446F31A589319DCB845B8462FB83539CC892F88FF5D0C57FBD88B03D341E
                                                                                                                                                                                                            SHA-512:EFDF6DC3635D362D5D21715EFD91293BCB15A8CCFFD9301823E484B5750C1C7B2DB07BA813BE511709C0E962927D0FCDC336E1EE16335354E48C1A2491E1B963
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16152
                                                                                                                                                                                                            Entropy (8bit):6.770721483962757
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:16iIJq56dOuWSKeW4IYiQ3ftvAM+o/8E9VF0Nyy+:biAhYiQP9AMxkE7
                                                                                                                                                                                                            MD5:AB6C2D882256C5E0AB5D7C55B39A9CA3
                                                                                                                                                                                                            SHA1:73A5F0153AC0599A92BE5C1F7ECA791BFCFED9CF
                                                                                                                                                                                                            SHA-256:2012000E25A90DCD54B30ADC419B2B14C4AF5AE2E8CE308DDCE6EE43AEB72FA5
                                                                                                                                                                                                            SHA-512:E88DB8DF2E28B09DC80FA7FA26E16C7F0317281BA44D9699046D5745F2E9B9566C95F4E91926D9D56F8130CD8789B3A7AA18FC56C8462CBF502C3EDE72FA2D96
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16152
                                                                                                                                                                                                            Entropy (8bit):6.823385420005505
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:jnzz+MpSaLWW0+WnIYiQ3op3GAM+o/8E9VF0Nym5owuG:7puoYiQKWAMxkEcowu
                                                                                                                                                                                                            MD5:D524EDFFA6A4B210B59C5F8B71EEEB07
                                                                                                                                                                                                            SHA1:BB9E62BD6AC0719CC9C2D6BEC7BAD61A81CA46B7
                                                                                                                                                                                                            SHA-256:04F3B13F8ED6AACFDA518388020D950BD6FF59538CC1836A0D8A366EE172D046
                                                                                                                                                                                                            SHA-512:0209CE9B4821D0829C6E64D994E979A5DE6C676E316F1ED0346AE2CBA3D24A8754713F0146C6576045A9A1E9563C84A8B1CAF741678D0CF7393E876CE6572157
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16152
                                                                                                                                                                                                            Entropy (8bit):6.868970846955799
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:yGhr+YUfyHxsW/HWqIYiQ3QNZAM+o/8E9VF0NyNY:xkmyYiQiAMxkE
                                                                                                                                                                                                            MD5:907FF708B2E03E01DD8E340E96934DA7
                                                                                                                                                                                                            SHA1:8B30F1BFE30E3B73951202FBF394D2B3F936DFB0
                                                                                                                                                                                                            SHA-256:69E5F6DB1647CF98C99B72E04591D67597F39716AA5F4D5546A7840733E7AF97
                                                                                                                                                                                                            SHA-512:E7BA35DA0041868C01D669B690B04CC0A8F0CE72C91B011F89A32FB92C79FFAA28BC65B23A29F8B0E6FBEAD1F817487815DF600A3C90B8168C784FFF98FD706B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):17176
                                                                                                                                                                                                            Entropy (8bit):6.8009368439614954
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:ORE+ruiA5vzWeNWsIYiQ3KLY0AM+o/8E9VF0Nym:OS9beYiQyY0AMxkE
                                                                                                                                                                                                            MD5:02101B1A33F9B64F8A9C9F399E263F1A
                                                                                                                                                                                                            SHA1:5256E40F5B2766AE7585A3C99A25EF873A6441C1
                                                                                                                                                                                                            SHA-256:095286548BAC50A7A518D0A88E26B2AFC763F45FC1BD56B34F923D9EBA2571DB
                                                                                                                                                                                                            SHA-512:73AE3BC6C73FFC951CA2EF807EA45AFD81C96A44A0696A0E1FDFF39BB838CBAFFC6E65EC07FA778969008D8D94723D1B5B80F8567B6C3067790557D92E66237F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.8596506459743996
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:VT+6ywnVvW0LWzIYiQ3zHHzAM+o/8E9VF0NyBtT:V99hYiQjHzAMxkEd
                                                                                                                                                                                                            MD5:FE1A75249B995A3126B0E64FA2F82943
                                                                                                                                                                                                            SHA1:C6459DA86E183E2CD0668DD895A99B3EFF94A66E
                                                                                                                                                                                                            SHA-256:FF8E3202E316E945B1DA4DBC283941AFBACF0A75CFF16C7FC127EC607815E055
                                                                                                                                                                                                            SHA-512:4E07024F999A99D98211078FBA77A49A942F3647E92963C583947D9DDD9F74CD8CA298FFD2C7F9DA3303D540696651CF5EF41E42C5E99575A40EBA5EBE1D252E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.855106039554965
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:dRbzriaXT+WlEWbIYiQ3wAZ9HAM+o/8E9VF0NyDnq3:f7iciYiQlHHAMxkE5Q
                                                                                                                                                                                                            MD5:8B2C2014CD400BDFAC5A9021E32766C6
                                                                                                                                                                                                            SHA1:C105615820015D13068E77249077ECD5D9C3767E
                                                                                                                                                                                                            SHA-256:432A799715EAF79EEB08874D85E852D5540811D7C239564849DEA8D2DEFDB996
                                                                                                                                                                                                            SHA-512:B1A3CE6036C922E5381CEDD316E6137054A34007E5090617C094837F575756F52FEF617C97B363ACF6D8618D80FFC7E96987FDB589F71AF7DAB842B12B159609
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):148760
                                                                                                                                                                                                            Entropy (8bit):5.42385291947334
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:CdYO+3m9R6e1x03BZ6bDSzZ8B0uAP+SM:I+2jv1x0ebezWiu
                                                                                                                                                                                                            MD5:8BA74A188D851D4D58CD45D0143E4C45
                                                                                                                                                                                                            SHA1:1F51BF3DEF08848970268081D9265B1E9067D192
                                                                                                                                                                                                            SHA-256:1A51FC399C56E074A92C9C75835E8C60F4B0A88565B9AC8352AB117870130D1D
                                                                                                                                                                                                            SHA-512:AE614F030414D2FD4CF64BF96D9BD4A28EB5219AA0A69DFFC3443FC9B1E9F41DEBFBE16FE5AA54D30AE3D16EDCE8F06E5F712826B24FF8EBD3350F64A4EC4F95
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16152
                                                                                                                                                                                                            Entropy (8bit):6.826224446231502
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:iRtRWjYWCIYiQ3baDAM+o/8E9VF0Ny2cn:EidYiQ2DAMxkEB
                                                                                                                                                                                                            MD5:6FC486D5EA4D271F344FE901145F195A
                                                                                                                                                                                                            SHA1:9713EAB99273693E87D7B5349396B08023C8AC9C
                                                                                                                                                                                                            SHA-256:2957C5CF481AFDCA430B038DFB98FB15D9DAD808092A7312B1ADC999BDC8F335
                                                                                                                                                                                                            SHA-512:A033905CC9FF1E3C2AE70FF790CC30D52E369713A3F0E748999E6B30205D43FABF11C9BF9B448BC54A93923792AA4B75A376DEBA25614B4E5ACE1BF6435DF71E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.899051769056459
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:xFxrIFWnoW5cIYiYF8uegv7cER+zKUA5K+o/y2sE9jBF0NyDRadS:ZeWnoWGIYiQ3qeUAM+o/8E9VF0NyQI
                                                                                                                                                                                                            MD5:A49A59DD28D4C285D86CC8E87DF993F1
                                                                                                                                                                                                            SHA1:C37871414C5C0FD3D6B26D9045B1381095FF7934
                                                                                                                                                                                                            SHA-256:6DF0AF71BD6C58802CF9C91637F554D2998636F72D419860A319F07A76CA8331
                                                                                                                                                                                                            SHA-512:48E1A85ADF6A3FF39A0E9D9B2BD540C1C3796672E29C05B032CD3B1AC3805C835E91BDA2423CCEC9C62B4036A81D0FF675DCF974D3BD171469D04C9DB25525FF
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.860992593527261
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:gxGxIZWJjW5l2IYiYF8uegv7cERWptl9A5K+o/y2sE9jBF0Ny7e6aS9:g6oWJjWX2IYiQ3ip9AM+o/8E9VF0Ny2o
                                                                                                                                                                                                            MD5:44C6AC06A9CAAC2C6882C98E30324976
                                                                                                                                                                                                            SHA1:8276BCBE905FD7D9E45C36094AA910C614E6C468
                                                                                                                                                                                                            SHA-256:6F6FD7E2D906F77D1D960E01EBC28F47A7F754A2942DECD89C74BFD383C9198C
                                                                                                                                                                                                            SHA-512:F72880A62F9203355668F46081D056C5448DEF3A3C8F8898336CC8C502DEF531506E2A8D3D27FF89A0275E9CC743E386E8A41FDA8B645FF4094761526D678AF2
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16152
                                                                                                                                                                                                            Entropy (8bit):6.7871731133338535
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:Oqk53/hW3fZ+zWmLIYiQ3+cj5avAM+o/8E9VF0Nysp1v:Oqk53M60YiQ79YAMxkEuh
                                                                                                                                                                                                            MD5:B9097A30121C6EB7F9E2AF3F696A219D
                                                                                                                                                                                                            SHA1:1887E290324250CECBA56BED616D8F43D2393B89
                                                                                                                                                                                                            SHA-256:F94F9A441111BDAF05BCC1F50AC0E7CA6ABE221DB21016C5A52A7CEFB57D672F
                                                                                                                                                                                                            SHA-512:57ABF4CC3977439B8E73523095CA28A9FD97FA63CBF7052AB30FEE3BC3352730726F1B061F499895A4CFEDEC7DF3027A07F0139FAA172F0E7F482F1D48AA86A7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):18200
                                                                                                                                                                                                            Entropy (8bit):6.674010779372766
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:hFCc4Y4OJWfOWqWWOWVIYiQ3/PqAM+o/8E9VF0Ny4QQ:TCcyCSYiQnqAMxkEI
                                                                                                                                                                                                            MD5:4600B3B79E794B1C262F710CB0EAECD5
                                                                                                                                                                                                            SHA1:05A445BFAAE50BE4E7D995BA4ADEED4AD3AB9688
                                                                                                                                                                                                            SHA-256:A637DD15AA7B34D8F2553F113308B0F08E00C074F1AE9825EAC2D6747F9DE41F
                                                                                                                                                                                                            SHA-512:A7961C363C5D2F802A3DC94C7D3C9DA8024EBA97C012760C77CB8C2BECA466D61005730B407C87FE065BF1E57A16C54C0C62C11A00C6D335CE4188818534771F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.881873288486167
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:5lTx93aWxMW5wIYiYF8uegv7cER8fKqYvOA5K+o/y2sE9jBF0Ny6aDm:ZAWxMWiIYiQ3ofHjAM+o/8E9VF0Nyt
                                                                                                                                                                                                            MD5:F67C2B4F19F8474FA868F8A998ED4BE7
                                                                                                                                                                                                            SHA1:9ECB9544F742A447B6B58690FC164645C4F0468C
                                                                                                                                                                                                            SHA-256:4B3A513505EB09DEFEC69D5E58FFAEE24E0F1126279D6AB9A121A65640FB316F
                                                                                                                                                                                                            SHA-512:B068043A5FAA907668F965583E0091A7F6232B5D6B72C982D52CF1728D2B486FEABEB814DE94576F3C7596A1163DB41C89BA561FD75F73B1D76DFB2C463A753E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.863601477314202
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:HAlcWHaWNIYiQ3D+uNwAM+o/8E9VF0NywCX4:k9uYiQazAMxkEFo
                                                                                                                                                                                                            MD5:E8BBBDD59E59CE9D492DD74F99B6342A
                                                                                                                                                                                                            SHA1:2D5375F30CEA7FD99AA055FB94113E19945084CC
                                                                                                                                                                                                            SHA-256:BFDA4DADC10E0A849D41B1F1B43238B6612238183FC1940940C80C2DCFF5621D
                                                                                                                                                                                                            SHA-512:5D7368602FBACA3FB097566FBC34A935B348E601B070102983F82E3ADC5F3BDB1474ECE861D7064943F6B0B9C97D362CA8C295FFD3EC194872E74BFF3391A544
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16152
                                                                                                                                                                                                            Entropy (8bit):6.790650504713329
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):25880
                                                                                                                                                                                                            Entropy (8bit):6.507238852957929
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.8579364851651
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16664
                                                                                                                                                                                                            Entropy (8bit):6.740197460284294
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16152
                                                                                                                                                                                                            Entropy (8bit):6.824237069640048
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):20248
                                                                                                                                                                                                            Entropy (8bit):6.636810892805951
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.906255671226214
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.803212309684524
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):105240
                                                                                                                                                                                                            Entropy (8bit):6.3860849704207965
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:pvc/U5yNq2oS4Zd0LE3YigSFvhoZO2K3aAYH2TfXmNoJXQ7QXx:lgk1tiLMYiDFvxqrWDWNoJXQM
                                                                                                                                                                                                            MD5:65ACA0E6B8B6F6D77023F1943E93451F
                                                                                                                                                                                                            SHA1:C2741DDBE182695DCE501BC7326533DEE45D0374
                                                                                                                                                                                                            SHA-256:67531BBCED35D5147946B072CB66E9C2CEB6008232075FB3A1C20DF2CD01B76F
                                                                                                                                                                                                            SHA-512:4BF40148AB9BC2AD6806B80E823EFDDF52B6BE2485A1B2C09CFA54D085E04BA7979056A090C8C0DA8F16AEB59286B54BC88142456D1C559EA2AD3C5ADDB96DD1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.863991088788483
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:GKcuz1W1cWdIYiQ31+pKAM+o/8E9VF0Nyzxar:iu8gYiQ3AMxkE7W
                                                                                                                                                                                                            MD5:38A903473CEECD9A6F9F44FB38D52685
                                                                                                                                                                                                            SHA1:F4B19877B9A6BB9704CC545CCCCF455AE762150F
                                                                                                                                                                                                            SHA-256:72EEFFA9CB16BD0BF961D348CC56DB39E7A7D2C8A45780411B625F2F7F636822
                                                                                                                                                                                                            SHA-512:E9FA00514E1E2B62FBB3B8EFF7B625F2F3E085ACE553A97FAA975E836F3975F57DED503AEB22C86BB47D57F3FB864153391758CD34D1EF799952D69440ADCAAB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.869552614184726
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:d+SWikWAIYiQ31R3AM+o/8E9VF0NypVEKXM:d+ePYiQDAMxkEZM
                                                                                                                                                                                                            MD5:F78542A53723C45E2CABF32807F6F18A
                                                                                                                                                                                                            SHA1:C94D60AB4B0E350792489E479BFE7AE8AF84295A
                                                                                                                                                                                                            SHA-256:727B9A556B43C687C0853BB4885492DE8B08475EDFCBB6AB3C57C91C0C39DF09
                                                                                                                                                                                                            SHA-512:07B93664DC6F539DBFB675C070085884D0114A5F9BA9F987B850400CCADC3987C251C11AD9AFB4E2DD810E369985A1C365D70E79C38506327B1E763EA4679F0F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.917847484860439
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:4AWzgWEJIYiQ3GMy5eAM+o/8E9VF0NyigyK:4tBYiQxyUAMxkECK
                                                                                                                                                                                                            MD5:A8E03B2B2DB2EACBF633BFFE3A5CBB95
                                                                                                                                                                                                            SHA1:B129695C862EA5D8ABB20222558AD9E72973F587
                                                                                                                                                                                                            SHA-256:D1B04FD6C194B6E10C0DE898C8D77F20A9E0404867A4D1A2EC28FF1FB0A0A410
                                                                                                                                                                                                            SHA-512:BF1555679D6646CBC45D24015282D7BC84AF9DE18017BAF9891B775921B66606D59509CA963074D3F284C89C27757D1A50A89A2B7C2C463BE8D28D07EAB1B5B7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.874632474082433
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:EBLRWbYWnIYiQ3UGodnAM+o/8E9VF0Nyu:EB2+YiQBUnAMxkE
                                                                                                                                                                                                            MD5:4E102BAF4F42A92B8C99A1C50B6FF1A3
                                                                                                                                                                                                            SHA1:5BA057E43718860C1F2BC3EACD6A20F55D50B5F4
                                                                                                                                                                                                            SHA-256:6987A172110950732FB9BA32F66A807A131EDAD67F3EB3CCAAD7AB2BD907682B
                                                                                                                                                                                                            SHA-512:62F76D56C971D7350696EEC388AC1309926B6CAA395EB02EAC0DB7C2C1F9B3CD26738AB55232735E7ECF409D958234A911090405377B8022574641A889718E41
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.8571197808213515
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:3ZxcMRW4/W5tAIYiYF8uegv7cER+e/A5K+o/y2sE9jBF0NyAa:zHW4/WXAIYiQ3Ce/AM+o/8E9VF0NyD
                                                                                                                                                                                                            MD5:59297CF9A5FD9E8411EBFEA73623EB82
                                                                                                                                                                                                            SHA1:6B678B827FA470B31623050656853965F865E40B
                                                                                                                                                                                                            SHA-256:5190EA3C0BDAAAD35DE2309E48BFEF63844FA54691F63721C5F79E24F5AA3E03
                                                                                                                                                                                                            SHA-512:171FF1F84353AA4D1DD311D05A8C97DFA22F7A005EC85459A692D1D5EC504F2B49549ED7E8E52D71BFFFC3A2464CEAA5C44FF05B6A70973C3DC565ED3A9B6CF0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.919570241054579
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:vvk7hWmCWJIYiQ3v5zAM+o/8E9VF0NyS2:vs7/yYiQRzAMxkEh
                                                                                                                                                                                                            MD5:06749E9551CCC31A0BFBB53D68C3F038
                                                                                                                                                                                                            SHA1:6C3F67D2D70728F4F5C0CE18D8E601C0231A2DFF
                                                                                                                                                                                                            SHA-256:49E75F024C074397C53DBF0167A590309BC5DC2B859C29C94681452138D285E6
                                                                                                                                                                                                            SHA-512:10CC45CF85E468D26A32EAF0AB89B4B2246B91E3A89F91F10551F73E18423485398243702DD163D5693741971902C93430E2CF18EF0770DB37A14466FF66B527
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.880702327205784
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:8UiW2xf+C/WCUW5JIYiYF8uegv7cERZFZFA5K+o/y2sE9jBF0NyZaiA:KGMWCUWvIYiQ3XTAM+o/8E9VF0NyEp
                                                                                                                                                                                                            MD5:717D0191A5268B8C13138809BC89616A
                                                                                                                                                                                                            SHA1:D9F746FAB9A261F4199419F04F5DF789AEFC23F1
                                                                                                                                                                                                            SHA-256:FB65D163A822CA3D7BB10807240B3D1D627BBF4DE15565F9F070733FD42B40FE
                                                                                                                                                                                                            SHA-512:8901B2044CE8B7A9E6BAEC082661A1EE9B1308CB7655359CB6A8EDDEF9F3FDF8C2E64268ECABFEB2F7A91B6A2E456A672E85F7381E4ACE5EB1C3F1E1FFBAE73D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.863332706665763
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:8BhwI7WSQWrIYiQ3a0AM+o/8E9VF0NyujE:8DwIByYiQXAMxkEkE
                                                                                                                                                                                                            MD5:915EC30D528032085F230CC560661522
                                                                                                                                                                                                            SHA1:980D744405A7C83680EEC9214D1AF31BCE36E63F
                                                                                                                                                                                                            SHA-256:A537FFE3A0AF78C95BEA65578BFBB42FF0FA194C573E911102C9F6DFA68B41B2
                                                                                                                                                                                                            SHA-512:142E5988C81CE7B486574BA799D2EDE16A02D25F1F6109ABD7AFE30D2DAFA78207396E9EB2B97B81B1F279612623F7D8EE60859510863CD0B6939B684A61926F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.880210671179282
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:rNc/vlxK6FW4lW5KIYiYF8uegv7cERyj+A5K+o/y2sE9jBF0Nymai:xyvPRW4lWgIYiQ3e6AM+o/8E9VF0Nyh
                                                                                                                                                                                                            MD5:37551A80CBA83DF2909831ACD08F3E56
                                                                                                                                                                                                            SHA1:52D20A449A27BB651C293830D143B4550B9BA324
                                                                                                                                                                                                            SHA-256:8EF3C3D8EDD19183056B2E36E45917C7B666968AC4991BF177AD68D5FE28D985
                                                                                                                                                                                                            SHA-512:8234ADE569DD58EC5D908BEBC9A488B9DB91FEDB912BCDFE19E2125359899787F1A2318C3E970F5E786D3211F19308F9178D9038B56E7AA5006CB295C8823A7B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16664
                                                                                                                                                                                                            Entropy (8bit):6.832544481197567
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:Snhp+J2sx/5W6eW5JIYiYF8uegv7cERFQuV9A5K+o/y2sE9jBF0Nyfa:06RW6eWnIYiQ3RQMAM+o/8E9VF0Nyi
                                                                                                                                                                                                            MD5:102E07AAD83809C7EF0A1788FA57B2A9
                                                                                                                                                                                                            SHA1:FC664FDE0D335E140CA2F219E0A380B3A5FDE174
                                                                                                                                                                                                            SHA-256:A5727036ADCA5B36E0AEFBC21AC1D047CA5E2338A8BAABBE6713B87680E857C0
                                                                                                                                                                                                            SHA-512:13AE312BD7ED55FFD51C9CFFE1F21A85FC04B1266894FAF3CF9C5098AC6388E5C5A41A5E875585995F8EF90242C7E0FE3B7D9DAFD27C3F58729FD6AFAEB71340
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.8659933169603375
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:YSUP9W70WVIYiQ3RrgxAM+o/8E9VF0Nyikp:dUegYiQZgxAMxkET
                                                                                                                                                                                                            MD5:DE7B707849C16BF35BE4499AD042063B
                                                                                                                                                                                                            SHA1:84298E1077CBEEDAA34AB85DF106C61B7BE86D17
                                                                                                                                                                                                            SHA-256:C1D4B47B56D9D1C56BC930BE0F7DD96C8D506EF11F4AC35ED45F16D74538029A
                                                                                                                                                                                                            SHA-512:FBEC3CC392F266440F9DE41CE16F04E5930CECA4A8652345CB9B65F3BB93F862043D21365BAC08E5AF6E9C91CD83062B85BCB6493165D36375CF5789F6DFE951
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.860212128735241
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:v8yg07W0/WzIYiQ3HBZAM+o/8E9VF0NyVArlm:vBHBYiQRZAMxkEg
                                                                                                                                                                                                            MD5:75AE7CD3768A46730C76DDDFA9CCB465
                                                                                                                                                                                                            SHA1:ADD8F78E2AC4E4620C52B03107EB907B3D3367EB
                                                                                                                                                                                                            SHA-256:4BC6DBE89E68C2C44048395476618B0AD607B8855F1387018E019B2AEB908456
                                                                                                                                                                                                            SHA-512:75BC4210C15E8F78AB4899DCF8C053FBE58E32E15B0D652076C67608D5800CF312EB52BB810AF1992473649C23789E71E948654FF5C04443F0A67E1AE1ABD71F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.824441116064131
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:Ne1WmRW/IYiQ33MpZ4AM+o/8E9VF0NypZ+8:NejTYiQspWAMxkEJ+8
                                                                                                                                                                                                            MD5:4D81F121548BBBF25409914DCE4CE03B
                                                                                                                                                                                                            SHA1:F44533EF2046AB6F86F00765959D6CFD8401675A
                                                                                                                                                                                                            SHA-256:44317ADA70254B3D0C0309C1BD86F6DAF37C73569490536DAA9F5C156B9FEB3B
                                                                                                                                                                                                            SHA-512:A44C49EFDFC8448FCB2B72593C69D6840A83971229D9398304D13E422B7D6E06B55EA2EC055EE4D9886E986E5023E8AB64A4F986C79AE9AC582DF85A979305D4
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):192792
                                                                                                                                                                                                            Entropy (8bit):6.117612004400088
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:TeruQlNGOhYq0AQcTvankc+8lbKta4FUPAT8xpRI454I/Kv6RpZ8dwPSghM:uW60VcTvakcXcApO
                                                                                                                                                                                                            MD5:FDAFB488FD6DF8CD1D0231004B57DC46
                                                                                                                                                                                                            SHA1:5BB11C37014BD09603F9E4D1040D2FB130C89E85
                                                                                                                                                                                                            SHA-256:F424CE2A87B44C09B64891339ECDEB1DDF0664B341133D177BEA7A0F18857533
                                                                                                                                                                                                            SHA-512:4AB956D3BD1AED8C7466D37492CBE8E16DBB6EA91D131D2FD996B5D56B6583A17343E8E8EF648B3AD788B459B455D095A4A62F34F99D040D2994C19CB8F9BDF5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.847498848337345
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:MZsxgyrWYLW552IYiYF8uegv7cER3GaDA5K+o/y2sE9jBF0Ny4abnyxmJ:C6ZWYLWaIYiQ3j7AM+o/8E9VF0NyLjy
                                                                                                                                                                                                            MD5:CD8CBA219E9C3A8E4019F1F1CE6589E5
                                                                                                                                                                                                            SHA1:9B92BAC1C9AE24CB548204B622D4E8E8A4E21845
                                                                                                                                                                                                            SHA-256:96C305EA6C0625FECD79BEE4255F9D28091766616F45C80B60D85B6AECADE995
                                                                                                                                                                                                            SHA-512:AC4F330D408E6D4455406BABEAE4800BBAB761C90EEF5AEE9EC81BDC1884C19C30DBD611C00407CBA70EAF860CF44BDA6F7E77AD5251E2C4BA53A88609687962
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16664
                                                                                                                                                                                                            Entropy (8bit):6.802500272125165
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:+1W1WMQWlIYiQ3ln/UAM+o/8E9VF0Nyk:91cYiQVsAMxkE
                                                                                                                                                                                                            MD5:442409F23D4C34BACF439370FBE90C17
                                                                                                                                                                                                            SHA1:696717AE91553FCA366752ED504C371E5F9ABABE
                                                                                                                                                                                                            SHA-256:B508DB1E6F2A6712E005B6DFEE55FA5C72A86A314AC0167ACC3CD99311B0B720
                                                                                                                                                                                                            SHA-512:921893BF51B5036CF42D3E1F0AFFBCBED0B5727176D6E89F5C6D89805C80551F4A3C63FBEA08A651BA988FAE21625CBD2E2F029BA9C32F767E892541F747637F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.839752638272101
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:jQ/rx72WSKW5XIYiYF8uegv7cERZIGA5K+o/y2sE9jBF0NyRadJy:MdSWSKWZIYiQ3NIGAM+o/8E9VF0NyMS
                                                                                                                                                                                                            MD5:68FA73680CB1E48FFEC95D2B8332FD8A
                                                                                                                                                                                                            SHA1:5FFA211B721B2B5D41F91E38A22C78FDBE2BD076
                                                                                                                                                                                                            SHA-256:CBC02A78DEC15F9554BEA3A2F89888A4B8101EF087E0874D0189A23BE31840A0
                                                                                                                                                                                                            SHA-512:D33F4591A8DBA10F24B7C784D126E0904A5A246DBE17DE463B8EFDD56B54C77D41CA3A40FA936A29D3CB877CA0A0CDF6C65F0A617E750297D400D5FF07AAED63
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16664
                                                                                                                                                                                                            Entropy (8bit):6.756182397719121
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:fJEYA2WkIWWIYiQ3i34tAM+o/8E9VF0Ny05:fyYA8lYiQW4tAMxkE
                                                                                                                                                                                                            MD5:0C1917BBD9C6A474A4B58E25313A6C58
                                                                                                                                                                                                            SHA1:63DD3E38514437D04CCA206BDB0A8CD586ED4681
                                                                                                                                                                                                            SHA-256:4AA518E62109E16B77BAEFC767CF24993D6BBB063C4B9CC4D75EBED8E796E740
                                                                                                                                                                                                            SHA-512:FFD55A537379ADE106110B4477E8609D57C573BFF03A12C2A62A7DCA7C31237A3042DA771614B29DDC01A01739F52B13ACAFB20277A529D66ACF3A02E3804B1E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.882655819453741
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:ol0qgopJ5xBcWe4W5SIYiYF8uegv7cERQcsA5K+o/y2sE9jBF0NyiasKz:gJGWe4W8IYiQ3UtAM+o/8E9VF0Nyln
                                                                                                                                                                                                            MD5:5E7252E712EA9D260110592B7F6C48A6
                                                                                                                                                                                                            SHA1:7F9E77F7332DC0BA356116E84D6B15EBD25F1832
                                                                                                                                                                                                            SHA-256:EE4DD236E95A1C182B9FE7AD5A9168BB3CC4C5E1AB99FCF35D479C38ED7AAE67
                                                                                                                                                                                                            SHA-512:3EED4F316E7E35D21B3582A4F1751E4CD2E38461F052D155BE09FDC48785182C2888E25DFE4635D8BF662F4375BBC6F1EB856D6A4BA8F8E824BBE8B30D8AC011
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16152
                                                                                                                                                                                                            Entropy (8bit):6.79719510195661
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:VdW1w3WesWpIYiQ31nAM+o/8E9VF0Ny3ne:C1wxsYiQtAMxkEte
                                                                                                                                                                                                            MD5:73F559AFCB4E9C68D51D12F8A354EB21
                                                                                                                                                                                                            SHA1:A5527DE964AFE676635CDF0C3A5BEA4606DEE5DF
                                                                                                                                                                                                            SHA-256:5C7FCC123B5C056F890BEB02ABF48968D22E9DA998EC5F84746D45B20D868431
                                                                                                                                                                                                            SHA-512:D4E4D3A395B3D654AB4C605B0963CB85F000030DC3BB89687933769E531E8C419893875AA77826063BC3ECE5170EC180FFA8D9E9B50FDBA57EEE14DE0E305E93
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):24856
                                                                                                                                                                                                            Entropy (8bit):6.60337604357524
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:aylNGlfdqj5531HJTABhf8g2MkO1ICMbmiT2Y4Y3ocWS9sWvW8YsW2GIYiQ3ovA7:ayp12Bhkg3qnV/sIbYiQSAMxkEk9
                                                                                                                                                                                                            MD5:721A2A3F749E76570454F8610223A81A
                                                                                                                                                                                                            SHA1:616535F4816AC0A2A4D001AE94C4355BABD7A3C9
                                                                                                                                                                                                            SHA-256:6F8A911B93DD06B124BCC1D974FE9B129DFBF7C756ECA67E1182C0B060CF2136
                                                                                                                                                                                                            SHA-512:15CDE19DB8A4AE0C58833EA7BBDF4D5FBA3991652D7FBBF292B92E05501A5C5505F1420B3C6EE67EEDF90E434D77179082716B316B62AF0FFE6C3FCA6BE63C3B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.86368419354242
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:SHPAW1bWLIYiQ3mDccAM+o/8E9VF0NyxE:KrhYiQ8AMxkEs
                                                                                                                                                                                                            MD5:EDD3F2BB8AC1858F5632B74B7241C95A
                                                                                                                                                                                                            SHA1:B3A597F92ECF66E07922CC1AE7ADB6A7C7391A4A
                                                                                                                                                                                                            SHA-256:28F37C5EC5878557E72E0170436B8B2C9284480B3FF673EDE73E82DDA34BD448
                                                                                                                                                                                                            SHA-512:D3E2A65BFE31ABD8280EDDF331329D87C906CEF707AFE08CCD3FCE5187EBCD1A2A224FD99A742D01C76BD1FA00F911E783A62A5128D9EA9D582531DD61C50AF8
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.8625488280566
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:A+TxwFqWD7W5TIYiYF8uegv7cER0MCIA5K+o/y2sE9jBF0NyOaBr4:bNoqWD7WdIYiQ3AmAM+o/8E9VF0NyZB
                                                                                                                                                                                                            MD5:BD7027B01BAE5739F06C753C9FE7959F
                                                                                                                                                                                                            SHA1:32B3E6A17E273D5C755AEBF016A2A44A4CC3C7E9
                                                                                                                                                                                                            SHA-256:FE77EBAF85404C650FC8DF99BAD9D0797A4C7F31CABF15AE371ED32448DD9D65
                                                                                                                                                                                                            SHA-512:8EDE9225F7C915F660773B1BD8DF11151B625866E52FC7534EDF8AB7CCA0AC7ACE083CDAC423FF216D3FD89D5292C6FEFD075BA7BC2FB5A9B2DD0BCB190271E6
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.872682990269314
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:mGETSAWUEWFIYiQ3ZLaAM+o/8E9VF0NyD/J:MT1MYiQsAMxkENJ
                                                                                                                                                                                                            MD5:A4A9F365A1CF3DC942D7CCB771D7AA64
                                                                                                                                                                                                            SHA1:EA3EA7B8DE598D6ACAEDAB12F0E76AEFAA3B1A41
                                                                                                                                                                                                            SHA-256:1E10E8A793BF78F02DA384B9FE015F1DAE0F1177D47DA7FA626FF222D4D22665
                                                                                                                                                                                                            SHA-512:3ECB7FB233DF9824F3B13B011B41BA243474D79CFA9DC612EC6A77B757AD1741BD150EFD62510EC02607A85DDE4004BA241AD0DD98F72B8353D9EBEE4EC03D45
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16152
                                                                                                                                                                                                            Entropy (8bit):6.856964843992838
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:ecDagtDApWSKJWaIYiQ3TRONAM+o/8E9VF0NyQTV:ePKBYYiQcNAMxkE6V
                                                                                                                                                                                                            MD5:42B44BFF40B438CBF47A69ED1D138A0B
                                                                                                                                                                                                            SHA1:D351DB997D9D4014571009C66C34900D38EF84A4
                                                                                                                                                                                                            SHA-256:3A6CABBCCBDCBC69FBEBF4686BFE026446837C8A0124794F30675CA4BA9259C2
                                                                                                                                                                                                            SHA-512:85FFB41A6612D2AD9FFFFEB0AF876D8F5C9CB233CB1A256EC4CE61FEF018704D3C53C0A70093A378ADE50A51464D0908FE0E993A3CA9E039A9DA8B1D84B89032
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.8650234723141175
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:M6NxhqWD4W5OIYiYF8uegv7cERYcMKCEA5K+o/y2sE9jBF0NyMamq:5IWD4WIIYiQ38cXAM+o/8E9VF0Nynmq
                                                                                                                                                                                                            MD5:AED785AD8E2FD1773EBA4C3B3176A651
                                                                                                                                                                                                            SHA1:7F4F0906EAA0B2CE730CA458756BF832006ED317
                                                                                                                                                                                                            SHA-256:77315354BE4E5DF8B6DC97B4355A8C1A2B8194CFD801A03F99591697C64B6BE4
                                                                                                                                                                                                            SHA-512:6A850CEADE31667BB9D3CA04B07027DD3AF86711BB04157E9903427F6CE554045961711E0731DCC230424A3AFF65DD0995E340A9F62B3C945CA48C10330764C1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16152
                                                                                                                                                                                                            Entropy (8bit):6.794459752733996
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:lMWzQWnIYiQ3aNc9JAM+o/8E9VF0NyspDB:l56YiQmyAMxkEIDB
                                                                                                                                                                                                            MD5:4530257805D46B0F14EE2BE146D8DC26
                                                                                                                                                                                                            SHA1:A9A3F1955089DC9CDA081F64B868B4AEF8E902EB
                                                                                                                                                                                                            SHA-256:5D9D7681642B9C32F7AB665B79215CC0D59AD853D500D590F3F2D6E6CBE873AA
                                                                                                                                                                                                            SHA-512:B70BBFB18788C21A32E5648079B2D11233B033CFF282758FCC817B1421E565B621E2EB9D379C91CBF9621F6C4DCC9E55E1378C7991E62DCC7F2A4931D40E24A8
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16664
                                                                                                                                                                                                            Entropy (8bit):6.731470377549001
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:FxDHKWAMW8IYiQ3sRvFAM+o/8E9VF0NyILs:LD87YiQcFAMxkEN
                                                                                                                                                                                                            MD5:B61820A6CA832342FC9A18694745F93E
                                                                                                                                                                                                            SHA1:4288292ED133CA73AEB2031636283A81F2570879
                                                                                                                                                                                                            SHA-256:043EB2779BFBD335BEC9A5AAA09D85C5E763B3E499F092DF65074F0020FAFA9C
                                                                                                                                                                                                            SHA-512:66E3B8CB1AFFEDBABC67BB00260C499E90A13A9AD7497971A1AEFC353E1FE55D0ACDBBC13ECDAD05E741A14C5F43CA576BB9820CAD6E259CD7A27F98954B9082
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.843017083995019
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:8LNBEW6pWgIYiQ3t0LmkAM+o/8E9VF0NytTK2:8bMSYiQApAMxkEfK2
                                                                                                                                                                                                            MD5:B7F56C9FDE7B92478A6876D2FF36FAB8
                                                                                                                                                                                                            SHA1:C678696936D878A2F2F70FE0307EB3CF621B1E4C
                                                                                                                                                                                                            SHA-256:46649D90B96F52EEFEC5A405040754DD46B060753B4F2686D519B5E7C2733A01
                                                                                                                                                                                                            SHA-512:B5CAF77D64A469D79C94DD53A4E0AFA156BC1A570BD1CED882065F8184EF1FE8101DE5054E6CBD39D599AD3A43871C5CD8326A374FE69AF8A58B88B5203DD402
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.88831590559411
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:jKkHKW/tW6IYiQ3h7fuGbAM+o/8E9VF0NyJ:muAYiQxGaAMxkE
                                                                                                                                                                                                            MD5:29DBAA087BFC8F12B0BD889AD9B26BE0
                                                                                                                                                                                                            SHA1:DBF18719F37F2A15FF0B57F80F8267A866BD017D
                                                                                                                                                                                                            SHA-256:3F65230A107969B53C061F0BD3AE5BE813B6C28AC02F7868E5DA0C1802E84EEC
                                                                                                                                                                                                            SHA-512:5FC81A0456E311B320CD36A84BEF78FA06301AF2A89E3E468144482B4C085CB6FC3FB7CA999364F6027EB5788B201E7CF553712E7CC1217E3286617C22F9773F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.836798359941617
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:rLnfIWqrWpIYiQ3pvwDAM+o/8E9VF0Nyvgh:rDf4PYiQAAMxkEC
                                                                                                                                                                                                            MD5:A2010AE2D9806CEDE19DBB92A7A5444A
                                                                                                                                                                                                            SHA1:85A62D3A4EC93BAF1C376639EF6E84B26CD15077
                                                                                                                                                                                                            SHA-256:1308FF1119F60030BB1C6A8846BC8E349DFB0104A032905E7167580C947D373A
                                                                                                                                                                                                            SHA-512:985E934AC82DFBC098108DB61327FDDD2EB2BD07ED9EAA723C5A6DA14E2D09314912C6BB35BE9351D88221DA4A7441D32B662786E4BD66E1FAA8194E3702E486
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16152
                                                                                                                                                                                                            Entropy (8bit):6.8231441500564936
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:zna8WK1WwIYiQ3VG4oAM+o/8E9VF0NyrTOI:zna0OYiQ0AMxkEV
                                                                                                                                                                                                            MD5:09DD53C73FADC311EC8632614682DDA1
                                                                                                                                                                                                            SHA1:3298906471C8669A56B67F770437030CBBA040DF
                                                                                                                                                                                                            SHA-256:4B1BBB19088731B2F5241E7F176EB3710B24BDD3B17A935A95490C43F0DCDEBF
                                                                                                                                                                                                            SHA-512:3EA4093C743816DFB64FF91E6C9F58711C2802532420C3CC72CC611E837B4AC2A3BDB08557A3C9240A8589D809FA5FF2F68732ABCB2321EDE9A96DD7337781A7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16152
                                                                                                                                                                                                            Entropy (8bit):6.776137531559141
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:yBSWITW4IYiQ3NxMqLRAM+o/8E9VF0NyUce:y6AYiQDMqVAMxkEs
                                                                                                                                                                                                            MD5:115E56C9210722B8349ECF79258208BB
                                                                                                                                                                                                            SHA1:FEEC9B943F8583E19CBF158468AEDB0CDC7BB741
                                                                                                                                                                                                            SHA-256:9C5FCA5828B141E34D9F2F2F0F314CB03DA3068A21A994592B582C831045A141
                                                                                                                                                                                                            SHA-512:CFFEF0EB425F4748C04FA4C00142FAB2618D3C703A95199435AB8053FECB27654575DF9DFD06A4E47DAA103476837768E4886461C470A98C25997075731D40AA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.88250029852906
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:D88cIIWNoWWIYiQ3pqhAM+o/8E9VF0NypRq1:D9cUZYiQQhAMxkEF+
                                                                                                                                                                                                            MD5:2617DA84348FC3E0028CE5C1F59A3F24
                                                                                                                                                                                                            SHA1:69FEC0D7946E0F2198C84346B69CE7A535EF9B6F
                                                                                                                                                                                                            SHA-256:701319FBF7637315E21DFA1F9D6C3F0C818A0BEFF35C47A2BA77EC2B07367193
                                                                                                                                                                                                            SHA-512:36DA8A3EA1EB0D93DAB0F164DB216C0D682181A5A56CDE161C854FD6E7E42A67088BCEE432341D5A58349151F37F80D1975B967D9C6F016BEB67C36C95FDF03E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):22808
                                                                                                                                                                                                            Entropy (8bit):6.62653900975139
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:nkUwx9rm5go1fWKmmW4oqN5dWjaW+IYiQ3m+jyAM+o/8E9VF0NyL:GrmoFmWXXPYiQtyAMxkE
                                                                                                                                                                                                            MD5:08E90A92212514DDF9EAEF37937D5F34
                                                                                                                                                                                                            SHA1:9B4CFBB952EAC15F0B1F3303539074219DAD5FAA
                                                                                                                                                                                                            SHA-256:993CDA21A4E35D3E0D08DDAF90B6BF92512F4CA28D8B01D425FB241EC6CBFDE4
                                                                                                                                                                                                            SHA-512:F9A61CC88CF59837887B734F06ED14ADE26657E4C1B64D43814D7290B5D62AB703759D8DDCE534DCF8A7FCB9DF95F4436F0A7B55B90F226DE239DC7E39589F5E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):18712
                                                                                                                                                                                                            Entropy (8bit):6.686579781495355
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:S09bOAghbsDCyVnVc3p/i2fBVlAO/BRU+psbC984vmJHrE1dtx66aI2sU52RWVsd:jOAghbsDCyVnVc3p/i2fBVlAO/BRU+pX
                                                                                                                                                                                                            MD5:356226EDBBC8D5F02F70EDA9BC5C9548
                                                                                                                                                                                                            SHA1:D4D9DD03FB2E512CFCC78525EC614C373D3A69AD
                                                                                                                                                                                                            SHA-256:61B648FE96266823A3A5F80B29847DAD8D055FFAFD29A59A0E9BCBE378D9C7BA
                                                                                                                                                                                                            SHA-512:F2E45F6DA95FB5EC862E748B91394DEC2FD3F487A17EF24F91E65213A4EF3EC5772316E4F8C191A675CBD3A656331C3C4695AD584AE5DC0D08777E990DCECEBB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.842788609605885
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:cMYx4AW6RW5fIYiYF8uegv7cERXqbA5K+o/y2sE9jBF0NyQa5AyN:a7W6RWpIYiQ3rqbAM+o/8E9VF0Nyzf
                                                                                                                                                                                                            MD5:11DE07C2EB8CDBCA805708B201BD18D3
                                                                                                                                                                                                            SHA1:434678AEFD905BB80C6DA0A270413853EB134ED5
                                                                                                                                                                                                            SHA-256:24E32BAC756BAA67D2309E992A1DE83DBBDA67F24D1AAF3DE6FA4AD0C5A1EDF9
                                                                                                                                                                                                            SHA-512:CAF03D88BCEBEDA0A6AC5379092A2063F16BE210F843A7129234BC0F53ACD3828F10CF3B85552030C8ED91FACF771E3E2DCA32F6A87B65E7263E40CD3B18E509
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.931288608446559
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:5I5HeWFwTBsWiIYiQ3sOuAM+o/8E9VF0Ny/u1:5I5HFwTBpYiQjuAMxkE4
                                                                                                                                                                                                            MD5:A833858089315F05F311086846A44D33
                                                                                                                                                                                                            SHA1:DAD25D2DBD281EAFF5E495F0E5BAEBB190EE913B
                                                                                                                                                                                                            SHA-256:889BC2D992DFA6E50A266D8926E497D537166C18781AEF2202029892CFE03657
                                                                                                                                                                                                            SHA-512:DFA51F586B30AF7621FC3DB5B58624E22E9D476DDE10E2978EE6B38A79A275211A8E27F59B69D35187AA5EE92BCF0683DD4C7F35A89FA851BBD2A9D8AA0FCE59
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.896156364175732
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:RAJpVWbfkBnWkIYiQ3StMAM+o/8E9VF0Ny6N4sF:RAJpWfkBQYiQjAMxkEu4y
                                                                                                                                                                                                            MD5:C13C53F759AC76AC48EFF5A7DE1B62F0
                                                                                                                                                                                                            SHA1:17CC81129F990EEE6E6840FA0D45ABBB3243EDC0
                                                                                                                                                                                                            SHA-256:0236D87EF4BF45729FC113283E115F512AF5AFC16CFEA72F951772317D8D89BC
                                                                                                                                                                                                            SHA-512:576D6E477CA2E64C23C1576FC45D8220D1FBB83E8BB0512C78E2F2A7B80A4F8FC92AF66E79B57B5105AB6370C106320CA19E09276FF0D0B11239AD0E6EF8C9DB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):21272
                                                                                                                                                                                                            Entropy (8bit):6.552099023124321
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:y8R71h7yzt94dHWFgQBVWeHWFyTBVWMIYiQ3tNETAM+o/8E9VF0Nyab:v1dyAqgQBfqyTBCYiQduTAMxkEw
                                                                                                                                                                                                            MD5:01A0841A04BC4C73611317A0FE9447F2
                                                                                                                                                                                                            SHA1:226439E8C630425C6D944D7972F039C699FBAD81
                                                                                                                                                                                                            SHA-256:01374B760F8DE0A750B437B35A4E689CFE254110047B5C4D99BEB682664B9906
                                                                                                                                                                                                            SHA-512:1FFA7563B4351DAF3D4703286F575BCD14711B293F04652271C1FBD5EF71209864C36A28A413EB8059F871EB73079D18BFAF5F12AF53142EE11156FE0DCD0224
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19224
                                                                                                                                                                                                            Entropy (8bit):6.691845476988413
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:SpsBljcZQIVI8CNwbcyMWs4oBOW9MWG4tBOWKIYiQ3QopAM+o/8E9VF0NyWry9:YsPMQMI8COYyi4oBNw4tBHYiQrAMxkE1
                                                                                                                                                                                                            MD5:2C087D99EC40861DF1F93F00372FAD24
                                                                                                                                                                                                            SHA1:38D58C2549F851480D80042907CB884A05A5FE8D
                                                                                                                                                                                                            SHA-256:3118ECA8130FBFD29372DDED0D07174400C24E037A0357F4F11670848E9055ED
                                                                                                                                                                                                            SHA-512:703EFFA5F385F90831C3B5E995804789AFB6DCC82C3A1B39AB43DA228A08F4FE529B5F786F437BC26956CA02D463236DB80975C0A9DF7BFA3114464440A1090E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):22808
                                                                                                                                                                                                            Entropy (8bit):6.596646511586578
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:OB9g5l+A3VVdCRdtOfd7TCUBQ4BX8JZa6Si5HsOgrE2WGCWLIYiQ3I4ERRAM+o/w:+9g5HVVX12fsOgrE+QYiQREvAMxkEE
                                                                                                                                                                                                            MD5:42E29D8B9A29D6DA08BCC012E7BE1948
                                                                                                                                                                                                            SHA1:BE90A9B1A47B65BDF91275C690E22B7F5E4F0EC0
                                                                                                                                                                                                            SHA-256:64FA1405CBE3DAE7B30209A7C8D2A841F6C39A01ECC5AAE10BF38194AFEED265
                                                                                                                                                                                                            SHA-512:A2D84473AC0677F4B755A41AEDC17591CD68C02E2286D8B851FA5C87C37D4CBE8C33793EC0DB41D6738FCC3A446E6828B48A1A4812B9D9D4672E9F1B56AD8666
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (541), with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):76981
                                                                                                                                                                                                            Entropy (8bit):4.819464476297391
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:YNa7Vx5ughg2y1eEics/2cLtU+61hYg45bmZiNjcAjdKvj59znKSe5+YjTjljcKZ:YHeEUZtgsccITKSFYjxcKSskiKS1
                                                                                                                                                                                                            MD5:3A4E05CD88971CC7988F3179977192CA
                                                                                                                                                                                                            SHA1:C0F796775FB852E6F9F75AB70846EE49619D9988
                                                                                                                                                                                                            SHA-256:576D49F78CEDFC37A7F7452EA7519EBF690642EBB87D01AC777605FFDBC648B0
                                                                                                                                                                                                            SHA-512:4E649FE654160B8D2595927CB215F078E1D97EE5B1D366D0651743E143DD990867FFB3E6C69AC19AFEF0D75C9B8B28E36977AAA4D64C5FFD24B0037B04828479
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>..<doc>.. <assembly>.. <name>System.Runtime.WindowsRuntime</name>.. </assembly>.. <members>.. <member name="T:System.WindowsRuntimeSystemExtensions">.. <summary>Provides extension methods for converting between tasks and Windows Runtime asynchronous actions and operations. </summary>.. </member>.. <member name="M:System.WindowsRuntimeSystemExtensions.AsAsyncAction(System.Threading.Tasks.Task)">.. <summary>Returns a Windows Runtime asynchronous action that represents a started task. </summary>.. <returns>A Windows.Foundation.IAsyncAction instance that represents the started task. </returns>.. <param name="source">The started task. </param>.. <exception cref="T:System.ArgumentNullException">.. <paramref name="source" /> is null. </exception>.. <exception cref="T:System.InvalidOperationException">.. <paramref name="source" /> is an unstarted task. </exception>.. </member>.. <member na
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):23832
                                                                                                                                                                                                            Entropy (8bit):6.337394346766595
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:7bhigwLAuZtM66g/Id7WVXW2IYiQ31LAM+o/8E9VF0NyvQA:7bhzkKsqYiQ9AMxkEP
                                                                                                                                                                                                            MD5:690AECA2FEDF3BAA5C1B98C86A17D30F
                                                                                                                                                                                                            SHA1:AA2383469C2B813F3192D04648B2D2D52348656C
                                                                                                                                                                                                            SHA-256:A58B1799A410CD5C1BED7B0E31D1625C593DE703D9717BBC1B124203160E68FB
                                                                                                                                                                                                            SHA-512:7D587B687CB45A80A4E0D27AB506F892B852EE0F0D73C8D037A190F53B4A46BA303B4F053DFDB4F7D056255000ADAF2BE44B5BFEFB442F9ED2EC2E0C9E55D6DA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.871418537268813
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:WUcX6W9aWoIYiQ345ZCIAM+o/8E9VF0NyEv:WUch1YiQ48IAMxkE
                                                                                                                                                                                                            MD5:D64E6816BB506CA4530D699DCBB3C372
                                                                                                                                                                                                            SHA1:3A508F17EAB2512B1990BAB63A2BE65331F31275
                                                                                                                                                                                                            SHA-256:58770DD8F1F05F72E0CEECDA897790BE4035ED179B8A4D1708516C252198B46A
                                                                                                                                                                                                            SHA-512:F68653BC02A4796A8039ADD8017DA4776E412C1768F63927787A5110A22C321898BB973C7B9F3D87141E1718806B23C6ED1984B21A1D85E7C6F59CFA5289D4F0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):41240
                                                                                                                                                                                                            Entropy (8bit):5.965402526465017
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:loBj7kS+8mjvHTeaWKs0Sd4eeEYiQKDFAMxkEc:YPmb9WKs0PeeE7Qsxw
                                                                                                                                                                                                            MD5:534A1004BB9E3283A7955B65C44B9440
                                                                                                                                                                                                            SHA1:F6C7416664AC119770D18E00C3655972C45BCA30
                                                                                                                                                                                                            SHA-256:63FC2D5F6AA8CC83058D81C23B2B4C9A2D5927F2463DBEDECC6512E57CEB4101
                                                                                                                                                                                                            SHA-512:54C5BC92C31243F104019219F344AB064F649AC25480D26744E4A930F6004AB18CB48720990433AA81DAF4BD2B44FE0EBBC1107F8F1268A73F4AF8BEEE9E1827
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.9018942588763235
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:cLtTL/WxOT6LoWPzW57IYiYF8uegv7cERaazCiJjA5K+o/y2sE9jBF0NyZa4:aTI2pWPzW1IYiQ3OGAM+o/8E9VF0NyE
                                                                                                                                                                                                            MD5:02800A49509012F6258EDE6AC9CE5CEC
                                                                                                                                                                                                            SHA1:1AE3AF0B077FD831C8364B5FA2A1A2CE112ED2B0
                                                                                                                                                                                                            SHA-256:541B60479A15DC40AF60A4650DF59274D3D84F8ADD41AC51E58514C924574A8A
                                                                                                                                                                                                            SHA-512:32EC013908144354B27B210DBA44740C0F0DA7A334496B7F3EBCBF55EF5CD1237E06E10319F3C75228999B1032B12968656C0C690A64920195A5D85E50F825DA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.918160771389363
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:Ycezoy4W04WGFIYiQ3llHAM+o/8E9VF0Nyy5:YBzoy+3YiQrHAMxkE
                                                                                                                                                                                                            MD5:C286BEA5983F2D44E327A6243B8A5B21
                                                                                                                                                                                                            SHA1:9DB4B7498E91DB9D553A1C71C5148FEC9AEFB52D
                                                                                                                                                                                                            SHA-256:17BBA2BEAC6C4BAFE9161AE2BDCE10938230A796F98698A53CEBCD2B7D83F304
                                                                                                                                                                                                            SHA-512:4D87B180ADFAEE606A46FC54137FEBB6B935C52944E6EA6B602473F526D7CD3FC5EAFF915AA4B914EB88E25D4459B59C1BF9041E9B77DCD0E435CD47ADD2C35D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16152
                                                                                                                                                                                                            Entropy (8bit):6.810670666483841
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:WH/JWKpWWIYiQ3ywSaGAM+o/8E9VF0NyXy/:WH/jEYiQNdGAMxkE0
                                                                                                                                                                                                            MD5:049C9B459BC08AAB6FC616B06B979616
                                                                                                                                                                                                            SHA1:3DDF3D8C5250C5588AB9B651D500AF93E48A3E0A
                                                                                                                                                                                                            SHA-256:091519021CC119ACF55A2FDA114387816057A3726E59D0CFE404263E844A1C2F
                                                                                                                                                                                                            SHA-512:73361E0D925586936C6FF341A97C18DA8646762F9CFA183A39E199381FA75EA2484C834B968CF5AF4456075A8CD3E693F2348587293921CB927473F501DEA09E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):17176
                                                                                                                                                                                                            Entropy (8bit):6.753442627812393
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:wTjbocNsWMhWFIYiQ3eh+b9AM+o/8E9VF0NyPJH:0boYydYiQ3AMxkED
                                                                                                                                                                                                            MD5:99160DACD0B02DCA87CBD3FE237B3A00
                                                                                                                                                                                                            SHA1:6F14A69587FE4E5B9FB7FC21888FC0D3DA2CA73D
                                                                                                                                                                                                            SHA-256:AA478258C6F6F8FC6E3ABB88B01DA53238B2316CAA78E2ACD64E07334C2C8AA4
                                                                                                                                                                                                            SHA-512:BD04E8B1B766F2C8DB69393BBE90191BB107B9802ADC50C1718B588DCC03A6A1DFDE4AFCFBEF97EE6C175BF00B4F79C12F5464C2C280FA4FD4638ADAD25982EA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.856568647529212
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:AVSKiWIhWLIYiQ3vNKkfAM+o/8E9VF0NyTi:WSK8LYiQ1lfAMxkE9
                                                                                                                                                                                                            MD5:C69302F146397B44ADE39F5B8A89F537
                                                                                                                                                                                                            SHA1:436A30216B18B893FC6037C8688BC855DBE5796D
                                                                                                                                                                                                            SHA-256:02FFCF38C64787E13A2E5286BA7A37E4AD9599A2AA4B61029A18D37EB721B56E
                                                                                                                                                                                                            SHA-512:54DC41C01511D46EFAD04C52E5CC5E2B4F78E4741A4B5A095D313BBD2A91A3DFF10C031F4EE527DAE7B7309A206DFBD1B54A6972982E44E020B8260420CCA662
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16664
                                                                                                                                                                                                            Entropy (8bit):6.79823264347072
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:d0KbZWApWmWTpWlIYiQ3rmAM+o/8E9VF0NyrJ:2KRytYiQqAMxkE7
                                                                                                                                                                                                            MD5:3FC45F755D484D2A3CAF00162C967851
                                                                                                                                                                                                            SHA1:2DD3DDFD4AB6A0EB381E202183843DF5F51D42EC
                                                                                                                                                                                                            SHA-256:9AF7953B9C2E32C85CD44F75EF4232393193772DD5FE177A999904102371B28D
                                                                                                                                                                                                            SHA-512:A3B8426FE8EF95EEBCFEC8E212E9011870865AD253D579F44AF3A454F3AB18DE5C978E1297C56A6A1D9990EAA89208C4BCA8610EE3FF97675E664739118F6F8A
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15632
                                                                                                                                                                                                            Entropy (8bit):6.885286778509384
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:Vb1nWCXWpvIYiQ3wYRtcKZAM+o/8E9VF0NyR7n:B72QYiQgI9AMxkEfn
                                                                                                                                                                                                            MD5:272423FBA04656D72F9838C09B4675F1
                                                                                                                                                                                                            SHA1:CD730DDFD879A90C9BD044763C98B6766AFF0058
                                                                                                                                                                                                            SHA-256:7DF18EA573C3EDB4EF59930FF334C36117440437C317F30215D2EEDD18E9CEC3
                                                                                                                                                                                                            SHA-512:CC481E472A08E235834F2E3B382C2B31F2CEC8B408B92C61325F52A95946FB3A4ACDDE7FC32C6B9CDE30E6C55FE22EFDAA122FEF4332BFA4542EC3DABDBEB7DF
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16152
                                                                                                                                                                                                            Entropy (8bit):6.7881669732714744
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:cuD6cYxmPlW7TW5CIYiYF8uegv7cERI+2ByA5K+o/y2sE9jBF0NyEaN1:1cyW7TWIIYiQ3lTAM+o/8E9VF0NyPN1
                                                                                                                                                                                                            MD5:DC4A551AD55E9ACDBD77B34F8E31923B
                                                                                                                                                                                                            SHA1:E534E7ADB28FC0596EAC08DEF164B88E743AF282
                                                                                                                                                                                                            SHA-256:AED741DA3B66D29BAF72A05060FD7BEF8088C3D761DFF0BC57B599B2A77C71A3
                                                                                                                                                                                                            SHA-512:DD045C2A7CBAE4B3F187ED7D0523BAE1C0C57E1B22D9356B84782C901F52A024C7682DBD6BBA36EA995A1455D182F97B1B8F6280CC22360A235CB80B132AF783
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.917535971439002
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:V6Rb32WVzWxIYiQ3ABW8eAM+o/8E9VF0Nylj:sRb3d7YiQQE5AMxkEb
                                                                                                                                                                                                            MD5:5FD1017D5DBC5ABC7493DA12D9F0EA91
                                                                                                                                                                                                            SHA1:83C187F54A23CC314C2122E07526155E2D6CEE99
                                                                                                                                                                                                            SHA-256:B2A35E885EC61E33FCB6B09FFBDF53538CF10F0A9C3506DD95AA20D36B6F5D31
                                                                                                                                                                                                            SHA-512:38ED560DA4F589AFAB5ECB24CC2829DB99AFEEC0BD87B26EE4C357247ACD48D31D85A5406253EF035A8B7FC97D7131340667601090C79740D988A4674153059F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):32024
                                                                                                                                                                                                            Entropy (8bit):6.548082431236893
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:9u5I+sqOylryry8qqIfUc7a5ZYiQqAMxkEv:9YIVBpry8qqIfUcm5Z7QIx
                                                                                                                                                                                                            MD5:9C89CAC7B7229D1F36988AB335885C6E
                                                                                                                                                                                                            SHA1:C85E08B4EC6DD737C447B2000AD429C1984D8BE0
                                                                                                                                                                                                            SHA-256:F8DA84F7880E67B43BA8121898A0A9033221B4A71FAE00588EE5EB3F2CB8B0AB
                                                                                                                                                                                                            SHA-512:31ED4CC247D8438FD9BB1E45AB16166C0CD971D744A23BBDAEF1D9E2467CEC6C013904A28252CF152EA9A619BDF8983A9AD817DA516FC01A5E8BABFD29C04BBD
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.880951855598949
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:Qvn4HREpWiQWHIYiQ3o0AM+o/8E9VF0Ny6QgPQ5:nSGYiQLAMxkE4O
                                                                                                                                                                                                            MD5:9DB6C6BB3D745A146B852616D41D85FE
                                                                                                                                                                                                            SHA1:0C808B24970A58BFC6740F6AC4ED64C702CAE624
                                                                                                                                                                                                            SHA-256:294D61E561EEDB80EA66C0080B150D707FA9D0F1791AFAD800680214DD4E146A
                                                                                                                                                                                                            SHA-512:D00F5DCF7354BD643DDA446F677A6AC893E5CCA934549B4AD58A9B15620EC48455C96AAAA076121936A3686F03C48B4199DB8D9DB7B10BEBDB7949758DA5FEB0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16664
                                                                                                                                                                                                            Entropy (8bit):6.781107349224401
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:p8MjKb47T3UCcqFMkJ59WdtWoIYiQ3j/CmAM+o/8E9VF0NylZl:iMjKb4vcGdOeYiQOmAMxkEtl
                                                                                                                                                                                                            MD5:14A9E92CF00CAE2420099945AB7339CB
                                                                                                                                                                                                            SHA1:E2839C424CC0312A3CEAFFEA4EC24FC4CAE51596
                                                                                                                                                                                                            SHA-256:D4011E1AB2C2667AD6CE0B8AB6F6EEEDCFA4FFA95E5980C91D63DFD068B845D3
                                                                                                                                                                                                            SHA-512:BD92D23A86DF66D5B6DE88E69C55212AF81C21F4DB4623259980214BB29B4C98970B70A7C4C56D77EC1DEB6FD36D27DD65019BAFA1FE2A60543F46992F0D4107
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.868665040615739
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:8zyNXd4+BW6FWGIYiQ3UUvAM+o/8E9VF0NyebMn:hz8YiQRvAMxkEKU
                                                                                                                                                                                                            MD5:9C5C2042B3CA981D0F5F08B7A6578C03
                                                                                                                                                                                                            SHA1:A463B3834A9B1754553DEBD7F933DCD4630E5173
                                                                                                                                                                                                            SHA-256:B0BF150F8B324DA34C4642287EF0B187D50DBB3AB1BFBED6C31AE836D2A1C39F
                                                                                                                                                                                                            SHA-512:641890DABDFFBCDEB224B37481FA481745AF094833CEF54474A1A08FB2D9FC835BAF66E5DAC556BC3BE877117E91C49BD35FB0934CFBD7BE975EE2FF085E9DE1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.8677142003997025
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:Uvs2Q3HKJNrWWRWZIYiQ3kPQXdAM+o/8E9VF0NyC:UuMVYiQXAMxkE
                                                                                                                                                                                                            MD5:6A47BA84170A53AAD2FA9C31C7B699AF
                                                                                                                                                                                                            SHA1:D0A0E05860DACFF3BBD5740F7169B26EDC1EFC86
                                                                                                                                                                                                            SHA-256:4881446ABD1347F1CF3E0E94E42E47329F2E4A2E0099C372F54B14F31A7D150F
                                                                                                                                                                                                            SHA-512:9759C74F8D816EDBCEF08FE09DC377C8ECB5D68473B96285DE07E3A03E9FE17321A260576C127D2B9D8DCA1913627374D29ACA5E908312EB5F178F8851CF0558
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.842208231877981
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:LFz0Q6gcqRhcsMWdMWDIYiQ3wg+YAM+o/8E9VF0Ny1y:LFz1c6iYiQTAMxkE6
                                                                                                                                                                                                            MD5:6A44D439A052C7817F6F099ABBBF45E2
                                                                                                                                                                                                            SHA1:4E26260314823A33021402BC8C29F5C77BE0D7FF
                                                                                                                                                                                                            SHA-256:5385D43B82A563DA7B0F9221C57D83CE0447D399F574D6E13357FADD3AEDD955
                                                                                                                                                                                                            SHA-512:EE13D97E7637C3F22B89165BDDDF3F20C5162A42BD0E10939D039C8E4610815D78FD6600D775B25B8B8CF25AA5BB75ADA712954A29F993E77BF2EB956F87729F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16664
                                                                                                                                                                                                            Entropy (8bit):6.735271411186537
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:n6xWA3W4aW/NWFIYiQ3xOEyAM+o/8E9VF0Nyjd:naBpYiQ8fAMxkEX
                                                                                                                                                                                                            MD5:C5C6397722BE770ABA45E69D6E8800C4
                                                                                                                                                                                                            SHA1:504EFB1D7559FE62F148AC71D0CB8D5F7FCCB518
                                                                                                                                                                                                            SHA-256:FD33DFCF6564309E5348408A4B8FA71D5A08D6C15C983ECCF5DCC452A2FCF903
                                                                                                                                                                                                            SHA-512:E0C44CF497E145E887961F9EB959C5BA9D5F64BAAB180F8FBE4E4EDA13AF07FBF0EF43C1BE758412BA9DEA21177747670C60C32907515EF4ECFBEB1EB0FE631B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):73496
                                                                                                                                                                                                            Entropy (8bit):5.927241283450761
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:qIumja0tbe16pSc45EfL+4vD4SuJbhjXuE3FMqF1KAy4kHo05ureseh7997QAxRg:qIuAaGbeGq5rKASI0ICh9Mug
                                                                                                                                                                                                            MD5:F7858FB8F12EA150052CFE6A6431738D
                                                                                                                                                                                                            SHA1:7CA6B60F830AF352293F42973EFC97F6BA8A7076
                                                                                                                                                                                                            SHA-256:99C6709A69C97420F9970DFA32D261874DB896C512047D903FF9D44DCB3AB2D4
                                                                                                                                                                                                            SHA-512:272E243C4967684FB667D95E6B7056E59E25E220B9E2F78FEF04D9764F1434D4528ED1596DFB1043F03CB48DA774102F7947BE562BF552C43D78FE59182AE8AF
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16152
                                                                                                                                                                                                            Entropy (8bit):6.859050338966028
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:+r97WquWbIYiQ3fSoAM+o/8E9VF0Ny9XQ6UfZ:+RJ0YiQbAMxkEgLf
                                                                                                                                                                                                            MD5:2B9E0B54FFB4D0C69DC567546E1C9774
                                                                                                                                                                                                            SHA1:C22533FFFF633B225391F28FB7236198BFA7AA80
                                                                                                                                                                                                            SHA-256:16268D859797CF94E7ACCE06ED187E465BBCE40E6B0CF7FA9B15A9D161BC4698
                                                                                                                                                                                                            SHA-512:09C64DECE1E238D981214AD89A7D818BFD6A75906E355E5CE529AD17AB0BF69404B4FB817C9EB282B3C9F86DDF23AE9D989327966C66175581683B89C686C90E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16152
                                                                                                                                                                                                            Entropy (8bit):6.806326557443503
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:G16eWLDWSIYiQ36/7AM+o/8E9VF0NyZHvb:C6LuYiQW7AMxkEbj
                                                                                                                                                                                                            MD5:DEC951BD7AEED6EDEE8714446F85477C
                                                                                                                                                                                                            SHA1:B413C95C5832721DF62E5C50C8BFBE8E2AEE18D8
                                                                                                                                                                                                            SHA-256:0D17D68373112ABFEA7B91D39DDC9D862FF4F4BD75BD53DA73F4A337B298C315
                                                                                                                                                                                                            SHA-512:F765AA48D49C590086CA435C5C1878CB54FD9A226749B84CC95631695AD158D9BDE93BEF62058A78048FB4C2F13FBC7388FD5FD2384A9A385896E71CFEA55D59
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):17176
                                                                                                                                                                                                            Entropy (8bit):6.79842270742322
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:j8G4YC2W+wW8WpwWyIYiQ3EZu3MAM+o/8E9VF0Nyu:AGZ5JYiQmu3MAMxkE
                                                                                                                                                                                                            MD5:8DB16B02A582B4DF6A6EB981ED9F683E
                                                                                                                                                                                                            SHA1:B425FB5C0E3F06A50E85CBEE2E1FEC457033152B
                                                                                                                                                                                                            SHA-256:672ED8CE513197EEFB6C10060A8BBC63A821D0C8D481D8DA6CD8E03C4D3D3F89
                                                                                                                                                                                                            SHA-512:B9C71A148FEA255A1677A3333F6D9C74FC0516D3EACF258129B383F7D8A326CA828AB162CFEBD37DCEC38704CB52AF4D98EDBF725EA313F780FA3783D14D507F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15640
                                                                                                                                                                                                            Entropy (8bit):6.905101594274101
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:n6ziqTEkGWvRWRIYiQ3R/sfAM+o/8E9VF0NyAflu:nYT1JYiQVsfAMxkEG8
                                                                                                                                                                                                            MD5:FAAF58CC3A4F4B4A0379BAC23B572D7C
                                                                                                                                                                                                            SHA1:3D06FD3419E8FE7A259B498930C96D21F0286072
                                                                                                                                                                                                            SHA-256:754262EE6038BE4A02868749181B9E70DF02C4058B9553A42B97EB0CAD07AB11
                                                                                                                                                                                                            SHA-512:2460FC6C9930984D37298B9E848B6D67A12D6F4BB8CD8458D50E22611A2A5A25336BCA102BA2FACC0747FF87A317B8AC6FE9A67ABD10F201C9DC1F18259BFE08
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16152
                                                                                                                                                                                                            Entropy (8bit):6.81806767505525
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:oUv7c7iWNCWAIYiQ3ODS9AM+o/8E9VF0NyJR:oM7c1VYiQ+QAMxkER
                                                                                                                                                                                                            MD5:FEF15634A5DCFF6DE0970694A358AC3F
                                                                                                                                                                                                            SHA1:D75A204C813A0B9DE362EE809CA745C6D39CB6E1
                                                                                                                                                                                                            SHA-256:6AB7FD2903DD4379772CBC69E2D1494DF1BFC16C96EF553379EEC97763120C82
                                                                                                                                                                                                            SHA-512:CFE7AE2BD0AF49AE183EB60DEFCCFDA9D6C029151F0E62D1910DADC4EAB1B4B209AD3A684CC1CBA46907008327292AAFD9CFBC062FDBF4472F48B95422B421CB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16152
                                                                                                                                                                                                            Entropy (8bit):6.8597268262905065
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:b+vxmNWnRW5kIYiYF8uegv7cERjSsvA5K+o/y2sE9jBF0NyWaM8:6SWnRWuIYiQ3/5AM+o/8E9VF0NyxM
                                                                                                                                                                                                            MD5:6A7E53B140F74F7BD0A2D784D16F8BF8
                                                                                                                                                                                                            SHA1:19286C4BAB90FBA4DE3BB73CE3B4A7EFB30E34D3
                                                                                                                                                                                                            SHA-256:FF9A7315DD0E90AB0ED79418A02F02AB0C9F8D1E353E279EDA1787580426026E
                                                                                                                                                                                                            SHA-512:A797862F6C3D19F077B441B3D0D27869B037AC3EC43E68D8B5044E3A31E1978CC6666BD1886DBA923202B74EB92511CFAFBE1E724DAC19F2D00A7E1B5FF0EC28
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):20248
                                                                                                                                                                                                            Entropy (8bit):6.670581408050179
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:ZfNieVZaksEEwXJj12hIYiQ3VSL3AM+o/8E9VF0Nyw:zXJj1xYiQMDAMxkE
                                                                                                                                                                                                            MD5:38EA86E0EFF4B0A3FB2CC61FA5E78DF1
                                                                                                                                                                                                            SHA1:51E11FBFF3808EB7C66776EC2B1F4BBBA0E507F0
                                                                                                                                                                                                            SHA-256:13075FAB216B6A14F0971A4C96C85AE6CE63819C92578489260C41F883542DBE
                                                                                                                                                                                                            SHA-512:C894700EA984C9A32D8997A6533DA28CB216A85917D51F5E750D4ED8CAECD47561C3DAFCF3CE40E2BDD8B816771427BA122B452FF6130B7F1A4A90351E038EB7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):189
                                                                                                                                                                                                            Entropy (8bit):4.975451013309139
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:JLWMNHU8LdgCzMvHcIMOofMuQVQDURAmIRMNHjFHr0lUfEyhTRLelFvREBAW4QIT:JiMVBdTMkIGMfVJ7VJdfEyFRLefJuAWq
                                                                                                                                                                                                            MD5:DA0EED2F114F1288C8DE452D5B95596E
                                                                                                                                                                                                            SHA1:1CF8A57C6DF6C309F373A2114A88B980A49D03E5
                                                                                                                                                                                                            SHA-256:AE5E7FA8373B273FAD07E0486CEBFD88C18F9517BA609C2B8E6534F5D9E53DCB
                                                                                                                                                                                                            SHA-512:A2B2F1CD8A772AA3EF074864DD1CE8A37FDB2A1A811B476DFB360F1C71FC787560E9F188916E2C73B290EDA74A56251DDD8EF85DD462515DF12D2E073DA9CF38
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1" />.. </startup>..</configuration>
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:MSVC program database ver 7.00, 512*51 bytes
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):26112
                                                                                                                                                                                                            Entropy (8bit):2.404591342759292
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:9P3APpAPDAPpAPthp1VOj9KbXouYVIMIhTbbOEe4QsENbpe4qgM:BMKgKbVOoPAi
                                                                                                                                                                                                            MD5:0151FC741197C424E672E759DB5BDA70
                                                                                                                                                                                                            SHA1:2647089388A60A10159ECF7AE491C701A36110C8
                                                                                                                                                                                                            SHA-256:7428A28A358CD23C0483E7DD934248DA83F60E5385D3CDB0DE33A497AFDC2066
                                                                                                                                                                                                            SHA-512:D2F047ED16F4A54EECAFD0CAE68EC257859FD705FCCE84BE34FFBE531C1BD849788AFFC20B0DF65FED512C60A9145B30DF4F99F24B65FFDF0730EEACDC69B65B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):24064
                                                                                                                                                                                                            Entropy (8bit):5.436377150873873
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:nOeNiCPJ8d//4CMSKtmVbFhFMTuzO3zoVOgvevU3+uARkArvLU8Wyt:/x8d/i49z7cgWvwARkwvLU8
                                                                                                                                                                                                            MD5:D0854E8DB0D1AFBDAB9CEDB8464561A7
                                                                                                                                                                                                            SHA1:7550E1257E2D243AC0A12439D2A55C74718753D4
                                                                                                                                                                                                            SHA-256:363DC1FDC0C50618C9049F87BF6E2C6EB9D9CE4AC08960373BF778EF854D78AD
                                                                                                                                                                                                            SHA-512:CAF5CB38121FE12A560CEBE4E1AC3266AEFB3C7AB0635EFF26D1AB7DE8CD349F52CB8F9FD4F8E05CF6E496FF07083961881517298FF80A07691B22EF2B317A3D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):5773312
                                                                                                                                                                                                            Entropy (8bit):5.68640191645299
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:OVINVwJzGKybK12T5yb9ksyZWPsADcn0XjOTQVm8fGwoAIMHFqG:/NVwJzVSs+Wp4xyD
                                                                                                                                                                                                            MD5:2B71864142900544334292C45C9A9A21
                                                                                                                                                                                                            SHA1:763865F2163F8B3A294BB156D1E36B9E73A9EBAB
                                                                                                                                                                                                            SHA-256:94687C2812CD4B0DF1F93C3D083BAA730CAB07E9D9C3931FA6557C808BCEF49B
                                                                                                                                                                                                            SHA-512:DD73C7832A2B43774D18A83AC08CEE5A6F7D76F870A98A344B3FDD1DE61CD9B7362D31009F443592F138EFFB9ED7CDD9E4F8A7282C699B7AF3F434ABE74F215E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):174080
                                                                                                                                                                                                            Entropy (8bit):4.838714488862786
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:BXlu9HOsrxLLC581nfkhTf85SfD/8E8pMyF2fIK2E3ZMrf/GXTdXg7A/w:b41x7v54sMyov2+Mrf/GXKA
                                                                                                                                                                                                            MD5:6AEB1C3E0470912D776EF79DC180AEF6
                                                                                                                                                                                                            SHA1:C35A83124548142B7AF868166EEB9B9A8DEDCA03
                                                                                                                                                                                                            SHA-256:249D4EBDCB399002F7B6DCB50384AD0DF3AB6A7CF7087161EDA4E43052128E6D
                                                                                                                                                                                                            SHA-512:3AA0D6D8BFB0788353A85E5C0F88B0D0B0CD80F200C78932D8BD4FCF0711EF6577F9C3F4036BB88A4EC7BCF58ED2C4A48FC003324B47A0FAB51E2A1B73436DE4
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):92952
                                                                                                                                                                                                            Entropy (8bit):5.492494601798773
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:h2Ec05j4eAH64rh5fSt5T9nFcI94Wh7Qnx:wlK4eA7mDmWhM
                                                                                                                                                                                                            MD5:F22F964846A8A63BCDB71EB58B7B5F3D
                                                                                                                                                                                                            SHA1:97A0913116E119242FC1C31E067099309013A615
                                                                                                                                                                                                            SHA-256:ADCC6B18D8FFA146BC0FC6E8EE1FAEC57ACA9514969D4E54978B09DA114FEE0E
                                                                                                                                                                                                            SHA-512:DE5C0C4B7289E1527CB3AECE1CAAFF506302125513FD8A91550B8A6DE6E58AA3652E3536984D35D9194EA9D054671FA285B3B206F7977D4A784F2977C474D535
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\ScreenBeam\Conference\service\netstandard.dll, Author: Joe Security
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):39192
                                                                                                                                                                                                            Entropy (8bit):5.109701337907036
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:N+ZpbHSTTUa8x+qvvIojhSYiQ8dRAMxkE:N+Zpb8T2x+CvS7QK5x
                                                                                                                                                                                                            MD5:A2B24D40E394C0F946D030F1E0E96449
                                                                                                                                                                                                            SHA1:D19F6740B32FD46985B152FC9F5BE1A9323599EF
                                                                                                                                                                                                            SHA-256:EDAF7D5BE064B55FEC8B7FF7485978AA89371C2A6F16208C3FD788F05D37FE52
                                                                                                                                                                                                            SHA-512:216396E5584ECFB6F5BEB0ACA15A6DB836BE09D9DB8E43C38052BA8B98177FC85F1C9408B87DDB4F09A0E42B47CA3424E66F57DE48898F644A0DAFA84B39D2C7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1552
                                                                                                                                                                                                            Entropy (8bit):5.186308371779243
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:CBc6mGOPDSgJqX7Blu7BW7BhXli/3g/EXOOVyOpzU/OVdEisFJROVyOLJX:0Vg8X7Blu7BW7BhXg3g/EXNiAXaYH1
                                                                                                                                                                                                            MD5:121B6A8B1EB8AC1E00DBADAE6AA64BDB
                                                                                                                                                                                                            SHA1:F673C058A5424B15D373B5A0887C59517988A044
                                                                                                                                                                                                            SHA-256:AA87F20FC3BDF08B632DF62E421C2E98ABC3C9F3565108C81F053D7E875234E4
                                                                                                                                                                                                            SHA-512:8C0EF3527787E686A9DC8D48318E99F429BA8E8CAEDEE4C689A853D78187BFD23A7F9B9939B0440479B9AD23D69E7C790EFF23F19340EBEA7F8F2CE53837C2FE
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:@echo off....setlocal....set "DriverInfFile=vacscbkd.inf"..set "DeviceHwId=ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5"..set "DeviceInstId=Root\{aafa5613-1d56-4309-9c3a-c3911d766be5}\0000"....set Mode=....if /i "%1" == "install" set Mode=install..if /i "%1" == "remove" set Mode=remove....if "%Mode%" == "" (.... echo Parameter 1 must be "install" or "remove".. REM pause.. exit /b 1....)....if /i "%PROCESSOR_ARCHITECTURE%" == "x86" (.... set ProcDir=x86....) else if /i "%PROCESSOR_ARCHITECTURE%" == "AMD64" (.... set ProcDir=x64....) else (.... echo Unsupported architechture %PROCESSOR_ARCHITECTURE%.. REM pause.. exit /b 1....)....for /f "tokens=2 delims=[]" %%S in ('ver') do (.... for /f "tokens=2-5 delims=. " %%A in ("%%S") do (.... set /a Ver1=%%A.. set /a Ver2=%%B.. set /a Ver3=%%C.. rem set /a Ver4=%%D.... )....)....set InfFileSfx=....if %Ver1% LEQ 6 set InfFileSfx=6x....for %%F in ("%DriverInfFile%") do set DriverInfFile=%%~nF%InfFileSfx%%%~xF..
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):11415
                                                                                                                                                                                                            Entropy (8bit):7.16083998344546
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:qAnS5fRPFJC43ngEw9JPgXkhYCJxobQo21EhqnajTFASwlA:qA87XuLh3JxCQrsl3FA5A
                                                                                                                                                                                                            MD5:5676894C48A102867C178C55BA9FDA67
                                                                                                                                                                                                            SHA1:EE74D4BFA8A9D73261D3FB55D125DE6E3F49AD0F
                                                                                                                                                                                                            SHA-256:74632BF0BE064DE0185FB59718B706108F1AD525CF554D423614E9C74F5CF5DD
                                                                                                                                                                                                            SHA-512:D715A43A417E5C8874641AA1792F31B5918B9A81EAD7C39CC475DF3FAB3F484E20A7E9F7DF93BA7B0B4FBB9C0C507FECB46F8C76CD6A95DA2F39882BFF199AE2
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2927
                                                                                                                                                                                                            Entropy (8bit):5.065642316551494
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:fzlvb2Qb2ncb25AMPHwuTHYH9ewl9P8uPtS+iSFEY0dPFi+8PBDx:L8NnhZSkFwPBt
                                                                                                                                                                                                            MD5:33262035005119B64E258A3B28415ADD
                                                                                                                                                                                                            SHA1:FDA3AF6BBAC88CB53C282A916232FD442887084A
                                                                                                                                                                                                            SHA-256:781BC7498AFA165364E09E8F5264B609C15233AFBDC95C413A966212F8D0FC1D
                                                                                                                                                                                                            SHA-512:85CD2EB68DCC51A3A2695C4C122EAE348EED9D6F9251694804C200CD3E1C6944E97E44B37321ABA2E4EED03183A2811396DA99D57B64E3837EE27E5ECCBC5F70
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:[Version]....Signature = "$WINDOWS NT$"..Class = MEDIA..Provider = %VendorName%..ClassGUID = {4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer = 04/19/2021, 4.65.0.11554..CatalogFile = vacscbkd.cat........[Manufacturer]....%VendorName% = DevSection, NTx86, NTamd64........[DevSection.NTx86]....%DeviceName% = DevInst, %HardwareId%........[DevSection.NTamd64]....%DeviceName% = DevInst, %HardwareId%........[DevInst.NT]....Include = ks.inf, wdmaudio.inf..Needs = KS.Registration, WDMAUDIO.Registration..CopyFiles = DevInst.DriverModules..AddReg = DevInst.AddReg..AddProperty = DevInst.Properties........;#####################################################################..;..; Services..; ========..;..;#####################################################################........[DevInst.NT.Services]....AddService = %ServiceId%, 0x2, SrvInstSection........[SrvInstSection]....DisplayName = %ServiceName%..ServiceType = %SERVICE_KERNEL_DRIVER%..StartType = %SERVICE_DEMAND_START%..ErrorControl = %
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):12070
                                                                                                                                                                                                            Entropy (8bit):7.457999528354426
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:n8qp5UMQVMeKazCKVHGzexo44/VUVFKmqdBC4/C+Q3ISVSWMZMQ3bRg:n+MQJK2CKVjy/VUVFheCGBk7/UMQ3ba
                                                                                                                                                                                                            MD5:FA12FB4E8459A07B36C5A95FD167D077
                                                                                                                                                                                                            SHA1:99E0B4900057767ED7FFA71A082D8D3AE22AA3F3
                                                                                                                                                                                                            SHA-256:176FF202131A269A36EDCA62C2F1DAEC1DB8BBA1EC3F480572B48D6434A12727
                                                                                                                                                                                                            SHA-512:BA97E1805D05C23DA4A4AC88995D9F7DC0018D5B7289B040FA1B5F7A43CB89A4F62EFBBD81037078F86BE843C71CCE3C4DCA0B701680156885F7D42E096E3BFD
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2929
                                                                                                                                                                                                            Entropy (8bit):5.0674748908058245
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:fzlhb2Qb2ncb25AMPHwuTHYH9ewl9P8uPtS+iSFEY0dPFi+8PBDx:LmNnhZSkFwPBt
                                                                                                                                                                                                            MD5:D07F07C26859DAB89970D4AD96D3F108
                                                                                                                                                                                                            SHA1:C148FB9665086B8C405AE552C8A475D35B62CBEA
                                                                                                                                                                                                            SHA-256:8B8A375ED4FEE5F3BB2CC42543409A0ACC6DDFB8FD5A1EF8F235442D54ABDD13
                                                                                                                                                                                                            SHA-512:7EAD667ECC295857988F0192ED30904A5CBFBF5180742E54F3DB890CF7903379D11FE3FCB2718908A6948B94D6D3BA5FF8B6F917190A699CD6A3C963C1857E3C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:[Version]....Signature = "$WINDOWS NT$"..Class = MEDIA..Provider = %VendorName%..ClassGUID = {4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer = 04/19/2021, 4.65.0.11554..CatalogFile = vacscbkd6x.cat........[Manufacturer]....%VendorName% = DevSection, NTx86, NTamd64........[DevSection.NTx86]....%DeviceName% = DevInst, %HardwareId%........[DevSection.NTamd64]....%DeviceName% = DevInst, %HardwareId%........[DevInst.NT]....Include = ks.inf, wdmaudio.inf..Needs = KS.Registration, WDMAUDIO.Registration..CopyFiles = DevInst.DriverModules..AddReg = DevInst.AddReg..AddProperty = DevInst.Properties........;#####################################################################..;..; Services..; ========..;..;#####################################################################........[DevInst.NT.Services]....AddService = %ServiceId%, 0x2, SrvInstSection........[SrvInstSection]....DisplayName = %ServiceName%..ServiceType = %SERVICE_KERNEL_DRIVER%..StartType = %SERVICE_DEMAND_START%..ErrorControl =
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):171544
                                                                                                                                                                                                            Entropy (8bit):5.144201025595193
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:nuQ0x55l3sW/GuUCxgJ4Ij+5I4sHFOZTDDaDVXx+ECq:nSxbZuQgulC4sHFOaXx
                                                                                                                                                                                                            MD5:AD9BFFA5A4628861E3F26AC346CD48A9
                                                                                                                                                                                                            SHA1:8556B7C3A15AE76D7264E3CF07910BD20EF1E80C
                                                                                                                                                                                                            SHA-256:349337C2B77F987F54461D9980BA06495DB1451D47B2C756A3A03BA6D31411FB
                                                                                                                                                                                                            SHA-512:E9AC2AF35EBD4CA5DD118ED9616A5344A715AF216E3ECDFF41D93D13B194C77E0925AD233F6B14C3642124BE53C8C7B9B292ABB3F87A7A8464D20CE73D9C3E13
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):222072
                                                                                                                                                                                                            Entropy (8bit):5.804502367233001
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:YB1m2wrx1VKY72mPKO0x/icVbbOnRhTjuax+KU0jIruawI906bLqhg:ym2ORPKUcVWnHqnKUdhwIutg
                                                                                                                                                                                                            MD5:79F9861A0DF7104FEEF268498E811713
                                                                                                                                                                                                            SHA1:A811773C25D920E6BF7B3CDECB895C99D0612C54
                                                                                                                                                                                                            SHA-256:78936EE611D9DE99D96711E23A736C2F5FF8D82B9044C7B50F416BC599DF35E6
                                                                                                                                                                                                            SHA-512:22AFF07D8B267E2071BED597E542F6777B232877D28F1E27C26A0007CD12EEB5CF0D5A05865B49551E980295DB7D049FA2244C23DF5FB5CB6ABCABD3A6314963
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):153624
                                                                                                                                                                                                            Entropy (8bit):5.25201729531026
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:o1kBmhlHK7tYi3v5cfLWEbp9FzeF+7xegoHq:HBcJs/+zA+7xv
                                                                                                                                                                                                            MD5:92544DA55C0757D9D744D4A08C050326
                                                                                                                                                                                                            SHA1:2EDDACBC3D0C148141D969EB1522D84BF0543E36
                                                                                                                                                                                                            SHA-256:7A37866D3907B636D9526414F2BE2A800DDAA21B8829BFE7BEA549473E421B54
                                                                                                                                                                                                            SHA-512:667139084EB90F8AA35B127F7BD9095E2031EA37B7B134333F5ACEA437724C9303C8A519562C4FE01836857BEF95949E524F16C282FCF61EA00B66644B237F25
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):190328
                                                                                                                                                                                                            Entropy (8bit):5.902831736440124
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:rSTpXKD1n5ezPlXUw7MZMQ+xonXSukakW+HhvqtJ:Pn5e5kMMfLnXSukaNJ
                                                                                                                                                                                                            MD5:09045E437761DA7330051D73ACE4A50B
                                                                                                                                                                                                            SHA1:393370AE29298BC008FFADDB2BF98A6A63BACAAC
                                                                                                                                                                                                            SHA-256:CCC8EA107515C0EBA76AC2B9ECAF68F85E19E6D825C946F723A12224802B38BB
                                                                                                                                                                                                            SHA-512:552B70CE7FFD85E41FFE50CCCE323D91A0B25BFE9A5CDC6A6CA60965FF1D21BDA7C3979D29CD0EAEE7CB1BE34366687F89B2A1B4A279CD62BE635172557C8AE3
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):30320
                                                                                                                                                                                                            Entropy (8bit):5.90570007486787
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:lHa22nq7FZhYCb1FbHr3yV6x8MObXjhrI8oLbzsFA0/GDGwDbh:xaZn+ZhN1RHuVmGubzs2DGsbh
                                                                                                                                                                                                            MD5:13D95C331BCFB3F6D7CC24229E5A5AEE
                                                                                                                                                                                                            SHA1:8E2FF63978F745E4365E4A6BF510F0494CD8D173
                                                                                                                                                                                                            SHA-256:AEB7EE052321C77A78132B2D74C58EA8E9AE3651C40939D998DB95FABE56255A
                                                                                                                                                                                                            SHA-512:8BBA05E7FE33435E2267537B6129EAF1ED2E6B2E4AD2F8FB9D5F124481C9F6DB1A4D5D31E851E0F6216913F4CE5815EB16284CA03E27116826A0C39006514B02
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):30832
                                                                                                                                                                                                            Entropy (8bit):6.201578076414463
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:1gf2tTNqOvDzfnAGEAToFnDSy5NyuVEAsQNxd+A0/GDGwFFBh:1/zfnAGEwo9+ybEAsebDGGh
                                                                                                                                                                                                            MD5:0F01442195D5273B6EC07EBD4930E234
                                                                                                                                                                                                            SHA1:B527CF7281903B61F2933885A11C4FCFDE1F73D6
                                                                                                                                                                                                            SHA-256:103FB48D168E992EDA3BADD679167DCCE4A95F0380505169CCE313006CF547FE
                                                                                                                                                                                                            SHA-512:9647E8971D59F4127807560793BC58EEEC882C99BB1E96EE12AA8AB8F844B9E4669ECE866C433F27D9617237A0ACB5BB6A52BDF26C9E5FEE6DCD097B908D91B1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2615
                                                                                                                                                                                                            Entropy (8bit):2.6189344785390714
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:8aRE37u1+C+hbd4jO6+M/C+htwsdSyq3+M/C+htwcwtrqUZsZS4tEdN4W/C+htw:8Ii7uQYjdLksdSv5LkcMr5uZSzSWLk
                                                                                                                                                                                                            MD5:C8423291AD471B47B55C5828A95558D0
                                                                                                                                                                                                            SHA1:5572FC3BE7349922013301A7FCC385CDC26AFB08
                                                                                                                                                                                                            SHA-256:46C401442CA24013E7419B84A11499A3E2D1EB4E6B5390C0324B99E937FAAA9A
                                                                                                                                                                                                            SHA-512:7A77B92A75796710BE771F2CA5073C628D5530B67578B7511FE24263CAAC11EBB471745F40EA5AE93DD1AD9F4E4D21C46F45605916E28D2C784EE2B241B55781
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:L..................F.P...........................................................P.O. .:i.....+00.../C:\...................V.1.....DWO`..Windows.@......OwH.W.....3......................B[.W.i.n.d.o.w.s.....\.1......W....Installer.D......O.I.W............................a.!.I.n.s.t.a.l.l.e.r.......1......W....{9C551~1..~......W...W.......G....................m...{.9.C.5.5.1.A.8.3.-.C.7.F.C.-.4.0.8.C.-.9.6.B.E.-.A.F.9.3.3.D.B.A.D.6.5.B.}.....j.2.>B...W..!.SCREEN~1.EXE..N......W...W.......G....................m...S.c.r.e.e.n.B.e.a.m...e.x.e.........S.c.r.e.e.n.B.e.a.m. .C.o.n.f.e.r.e.n.c.e...e.x.e.\.....\.....\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.9.C.5.5.1.A.8.3.-.C.7.F.C.-.4.0.8.C.-.9.6.B.E.-.A.F.9.3.3.D.B.A.D.6.5.B.}.\.S.c.r.e.e.n.B.e.a.m...e.x.e.+.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.c.r.e.e.n.B.e.a.m.\.C.o.n.f.e.r.e.n.c.e.\.a.p.p.\.J.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.9.C.5.5.1.A.8.3.-.C.7.F.C.-.4.0.8.C.-.9.6.B.E.-.A.F.9.3.3.D.B.A.D.6.5
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):651
                                                                                                                                                                                                            Entropy (8bit):5.348956889965525
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:Q3La/KDLI4MWuPXcp1OKbbDLI4MWuPOKfSSI6KhaOK9eDLI4MNOK9XGK9yiv:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoM
                                                                                                                                                                                                            MD5:7CFF259EE7A28D8B8BA9D28BE3288747
                                                                                                                                                                                                            SHA1:89023672C346B4101410DF25D4CB42BD3FB38285
                                                                                                                                                                                                            SHA-256:D6EE41ADE037CF4F71E67C00CC8A98EA5BD5A6E3370CD36093EBA31DCE7B421A
                                                                                                                                                                                                            SHA-512:34224680DE9604686778FC1B4C3DAF83A47A248F6431E1BDA97F753043D760B701F8A5BB8BE0AA9FE16995C75410FC3336CE5E4A88F47EE6DFB9344912C1F0CA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..
                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\sbdrvmgr.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):42
                                                                                                                                                                                                            Entropy (8bit):4.0050635535766075
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                                                                                                                                                                                            MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                                                                                                                                                                                            SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                                                                                                                                                                                            SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                                                                                                                                                                                            SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..
                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\DefMic.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):42
                                                                                                                                                                                                            Entropy (8bit):4.0050635535766075
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                                                                                                                                                                                            MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                                                                                                                                                                                            SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                                                                                                                                                                                            SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                                                                                                                                                                                            SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):726848
                                                                                                                                                                                                            Entropy (8bit):6.4584085143991095
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:ogaGWXLiDt5i+jfNIQTVhQNvj3jAszYzGLwQq63Trzzt5O0Qn2enGCeoa:FrBT6vj3cszYO5O0Qn2oGCeoa
                                                                                                                                                                                                            MD5:9863AD412FA5529D5A712EF228AC6E2B
                                                                                                                                                                                                            SHA1:BDA741FD705277C29379B01100A162E922F76583
                                                                                                                                                                                                            SHA-256:502CCBE31FE0F984A2FA0610EE6385A3E478CD866E19208E229B6EF8FCFB2934
                                                                                                                                                                                                            SHA-512:8F64B1AC2423EB6EBBD2853A985711C030F54279599382B3CBC3DE4EBB90A98A0273172A85D65E5E78CAE419E928FB787715EA9F2C8285662C89B25D6B584CB0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):532727
                                                                                                                                                                                                            Entropy (8bit):7.23935922435014
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                            MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                            SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                            SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                            SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):37888
                                                                                                                                                                                                            Entropy (8bit):4.842865825224654
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:CzmYFEr6mMN+c28dt0n0cm99K8CaME86El8aJAvg5vinM8o:IErpO28Un0cm9o8CaME86El8aJAvghiC
                                                                                                                                                                                                            MD5:0ADAABBCABF39DD26C853535D7E49236
                                                                                                                                                                                                            SHA1:430F410E8ED7489C58BEFC22B9430E7EC6E02004
                                                                                                                                                                                                            SHA-256:16087C200AABC7DAED61B64F58BA60F783AEC40277230D11D5295EF4D9A54031
                                                                                                                                                                                                            SHA-512:5F48B348E7406C3617755312282AD5146A088CAD62FB703487A2F890B74A187E1288F2606B159A9BDF242531151B741B9FEF9F88B8E0D2F1967ABB2CD39EC5A0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1493
                                                                                                                                                                                                            Entropy (8bit):4.732294656481805
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB7ZtG9jDqRp:c0nd5t7q7WsFD7tztG96n
                                                                                                                                                                                                            MD5:01C01D040563A55E0FD31CC8DAA5F155
                                                                                                                                                                                                            SHA1:3C1C229703198F9772D7721357F1B90281917842
                                                                                                                                                                                                            SHA-256:33D947C04A10E3AFF3DCA3B779393FA56CE5F02251C8CBAE5076A125FDEA081F
                                                                                                                                                                                                            SHA-512:9C3F0CC17868479575090E1949E31A688B8C1CDFA56AC4A08CBE661466BB40ECFC94EA512DC4B64D5FF14A563F96F1E71C03B6EEACC42992455BD4F1C91F17D5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):28784
                                                                                                                                                                                                            Entropy (8bit):6.08346118574361
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:Njd3dLRRG0F3yFpRzAFgLU5pnsEdy4qy5NFa4ElKiH7A0/GDGwE3hgp:NjdF0pnqJy4qsFajwiHoDG9h
                                                                                                                                                                                                            MD5:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                            SHA1:4A22DBBEAA8CF660522BBF68C8FF029A10AAE017
                                                                                                                                                                                                            SHA-256:AF419AE180755DCDEE1903EDC604F9B1587DE3E7B392247C9089C5F679A760E4
                                                                                                                                                                                                            SHA-512:6AEC6DB0B8E7D22402E0A2A924A8E5C8505F3C85227AC67E6171AA0D6AEB6F4582D84FD0924090D98F859ECC92008C0C26D6EFFD60705A4A5C709A54B8445D96
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):184240
                                                                                                                                                                                                            Entropy (8bit):5.876033362692288
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):701992
                                                                                                                                                                                                            Entropy (8bit):5.940787194132384
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                                                                                                                                                                                            MD5:081D9558BBB7ADCE142DA153B2D5577A
                                                                                                                                                                                                            SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                                                                                                                                                                                            SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                                                                                                                                                                                            SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):34984
                                                                                                                                                                                                            Entropy (8bit):6.000650459314047
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:vpi8gAMeOlzzBbaERp8h3VGKrX1/LVtYcFSVc6KSDG2FhCZZ:xi8gAJbNlz9SVclBZZ
                                                                                                                                                                                                            MD5:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                            SHA1:64D5F0E3F7170C99ABADDCC09C26A44A83513871
                                                                                                                                                                                                            SHA-256:70B980E8E365BDB1883DB597455901F7CD75D727B3FF65198FB184510DC1C251
                                                                                                                                                                                                            SHA-512:C21BFBEE9C507FD6ED1D9F04800597E3923CED33E963FDDE76E1DAB8FF5DA2B5E8AFB1B8729E952C18869A4626B6274ECD603A93FD24157D380D94800AA3C437
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):532727
                                                                                                                                                                                                            Entropy (8bit):7.23935922435014
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                            MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                            SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                            SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                            SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):37888
                                                                                                                                                                                                            Entropy (8bit):4.842865825224654
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:CzmYFEr6mMN+c28dt0n0cm99K8CaME86El8aJAvg5vinM8o:IErpO28Un0cm9o8CaME86El8aJAvghiC
                                                                                                                                                                                                            MD5:0ADAABBCABF39DD26C853535D7E49236
                                                                                                                                                                                                            SHA1:430F410E8ED7489C58BEFC22B9430E7EC6E02004
                                                                                                                                                                                                            SHA-256:16087C200AABC7DAED61B64F58BA60F783AEC40277230D11D5295EF4D9A54031
                                                                                                                                                                                                            SHA-512:5F48B348E7406C3617755312282AD5146A088CAD62FB703487A2F890B74A187E1288F2606B159A9BDF242531151B741B9FEF9F88B8E0D2F1967ABB2CD39EC5A0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1493
                                                                                                                                                                                                            Entropy (8bit):4.732294656481805
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB7ZtG9jDqRp:c0nd5t7q7WsFD7tztG96n
                                                                                                                                                                                                            MD5:01C01D040563A55E0FD31CC8DAA5F155
                                                                                                                                                                                                            SHA1:3C1C229703198F9772D7721357F1B90281917842
                                                                                                                                                                                                            SHA-256:33D947C04A10E3AFF3DCA3B779393FA56CE5F02251C8CBAE5076A125FDEA081F
                                                                                                                                                                                                            SHA-512:9C3F0CC17868479575090E1949E31A688B8C1CDFA56AC4A08CBE661466BB40ECFC94EA512DC4B64D5FF14A563F96F1E71C03B6EEACC42992455BD4F1C91F17D5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):28784
                                                                                                                                                                                                            Entropy (8bit):6.08346118574361
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:Njd3dLRRG0F3yFpRzAFgLU5pnsEdy4qy5NFa4ElKiH7A0/GDGwE3hgp:NjdF0pnqJy4qsFajwiHoDG9h
                                                                                                                                                                                                            MD5:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                            SHA1:4A22DBBEAA8CF660522BBF68C8FF029A10AAE017
                                                                                                                                                                                                            SHA-256:AF419AE180755DCDEE1903EDC604F9B1587DE3E7B392247C9089C5F679A760E4
                                                                                                                                                                                                            SHA-512:6AEC6DB0B8E7D22402E0A2A924A8E5C8505F3C85227AC67E6171AA0D6AEB6F4582D84FD0924090D98F859ECC92008C0C26D6EFFD60705A4A5C709A54B8445D96
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):184240
                                                                                                                                                                                                            Entropy (8bit):5.876033362692288
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):701992
                                                                                                                                                                                                            Entropy (8bit):5.940787194132384
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                                                                                                                                                                                            MD5:081D9558BBB7ADCE142DA153B2D5577A
                                                                                                                                                                                                            SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                                                                                                                                                                                            SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                                                                                                                                                                                            SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):34984
                                                                                                                                                                                                            Entropy (8bit):6.000650459314047
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:vpi8gAMeOlzzBbaERp8h3VGKrX1/LVtYcFSVc6KSDG2FhCZZ:xi8gAJbNlz9SVclBZZ
                                                                                                                                                                                                            MD5:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                            SHA1:64D5F0E3F7170C99ABADDCC09C26A44A83513871
                                                                                                                                                                                                            SHA-256:70B980E8E365BDB1883DB597455901F7CD75D727B3FF65198FB184510DC1C251
                                                                                                                                                                                                            SHA-512:C21BFBEE9C507FD6ED1D9F04800597E3923CED33E963FDDE76E1DAB8FF5DA2B5E8AFB1B8729E952C18869A4626B6274ECD603A93FD24157D380D94800AA3C437
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):602432
                                                                                                                                                                                                            Entropy (8bit):6.4696654484377945
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
                                                                                                                                                                                                            MD5:A9941233B9415B479D3B4F3732161EAB
                                                                                                                                                                                                            SHA1:CB2D99AF52B3B1C712943B13E45D85C80C732E57
                                                                                                                                                                                                            SHA-256:CE34CC14E8D26119E1BF28A3A8368DA6E10D13851004E2675976C5AD58B122E2
                                                                                                                                                                                                            SHA-512:CFD6C425587E5E7C57B6F4655E2A48C871313E2BACF63CC0955CCAE1A384610644F26AA76BEE0A2A327CD77C2AE7DEF8EA9CB0C7C7C87FAB1C8196BAC82037F7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):602432
                                                                                                                                                                                                            Entropy (8bit):6.4696654484377945
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
                                                                                                                                                                                                            MD5:A9941233B9415B479D3B4F3732161EAB
                                                                                                                                                                                                            SHA1:CB2D99AF52B3B1C712943B13E45D85C80C732E57
                                                                                                                                                                                                            SHA-256:CE34CC14E8D26119E1BF28A3A8368DA6E10D13851004E2675976C5AD58B122E2
                                                                                                                                                                                                            SHA-512:CFD6C425587E5E7C57B6F4655E2A48C871313E2BACF63CC0955CCAE1A384610644F26AA76BEE0A2A327CD77C2AE7DEF8EA9CB0C7C7C87FAB1C8196BAC82037F7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):602432
                                                                                                                                                                                                            Entropy (8bit):6.4696654484377945
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
                                                                                                                                                                                                            MD5:A9941233B9415B479D3B4F3732161EAB
                                                                                                                                                                                                            SHA1:CB2D99AF52B3B1C712943B13E45D85C80C732E57
                                                                                                                                                                                                            SHA-256:CE34CC14E8D26119E1BF28A3A8368DA6E10D13851004E2675976C5AD58B122E2
                                                                                                                                                                                                            SHA-512:CFD6C425587E5E7C57B6F4655E2A48C871313E2BACF63CC0955CCAE1A384610644F26AA76BEE0A2A327CD77C2AE7DEF8EA9CB0C7C7C87FAB1C8196BAC82037F7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):602432
                                                                                                                                                                                                            Entropy (8bit):6.4696654484377945
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
                                                                                                                                                                                                            MD5:A9941233B9415B479D3B4F3732161EAB
                                                                                                                                                                                                            SHA1:CB2D99AF52B3B1C712943B13E45D85C80C732E57
                                                                                                                                                                                                            SHA-256:CE34CC14E8D26119E1BF28A3A8368DA6E10D13851004E2675976C5AD58B122E2
                                                                                                                                                                                                            SHA-512:CFD6C425587E5E7C57B6F4655E2A48C871313E2BACF63CC0955CCAE1A384610644F26AA76BEE0A2A327CD77C2AE7DEF8EA9CB0C7C7C87FAB1C8196BAC82037F7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):602432
                                                                                                                                                                                                            Entropy (8bit):6.4696654484377945
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
                                                                                                                                                                                                            MD5:A9941233B9415B479D3B4F3732161EAB
                                                                                                                                                                                                            SHA1:CB2D99AF52B3B1C712943B13E45D85C80C732E57
                                                                                                                                                                                                            SHA-256:CE34CC14E8D26119E1BF28A3A8368DA6E10D13851004E2675976C5AD58B122E2
                                                                                                                                                                                                            SHA-512:CFD6C425587E5E7C57B6F4655E2A48C871313E2BACF63CC0955CCAE1A384610644F26AA76BEE0A2A327CD77C2AE7DEF8EA9CB0C7C7C87FAB1C8196BAC82037F7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):602432
                                                                                                                                                                                                            Entropy (8bit):6.4696654484377945
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
                                                                                                                                                                                                            MD5:A9941233B9415B479D3B4F3732161EAB
                                                                                                                                                                                                            SHA1:CB2D99AF52B3B1C712943B13E45D85C80C732E57
                                                                                                                                                                                                            SHA-256:CE34CC14E8D26119E1BF28A3A8368DA6E10D13851004E2675976C5AD58B122E2
                                                                                                                                                                                                            SHA-512:CFD6C425587E5E7C57B6F4655E2A48C871313E2BACF63CC0955CCAE1A384610644F26AA76BEE0A2A327CD77C2AE7DEF8EA9CB0C7C7C87FAB1C8196BAC82037F7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):726848
                                                                                                                                                                                                            Entropy (8bit):6.4584085143991095
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:ogaGWXLiDt5i+jfNIQTVhQNvj3jAszYzGLwQq63Trzzt5O0Qn2enGCeoa:FrBT6vj3cszYO5O0Qn2oGCeoa
                                                                                                                                                                                                            MD5:9863AD412FA5529D5A712EF228AC6E2B
                                                                                                                                                                                                            SHA1:BDA741FD705277C29379B01100A162E922F76583
                                                                                                                                                                                                            SHA-256:502CCBE31FE0F984A2FA0610EE6385A3E478CD866E19208E229B6EF8FCFB2934
                                                                                                                                                                                                            SHA-512:8F64B1AC2423EB6EBBD2853A985711C030F54279599382B3CBC3DE4EBB90A98A0273172A85D65E5E78CAE419E928FB787715EA9F2C8285662C89B25D6B584CB0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1126208
                                                                                                                                                                                                            Entropy (8bit):6.47547142761303
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24576:tBbmgYewSBprKpygTqkg0z/f2sbQEiwiUt52wD5YqQc3w0RZqTkqMUM0zVQZo:tBflKp/Dz/f2sbQEidUt52Q5hz3w0RZI
                                                                                                                                                                                                            MD5:821A9095657D59C7CD66C28B3FD50ACE
                                                                                                                                                                                                            SHA1:AEF8A82D7D3DF689AF403BD0CCAB7ED04EC77609
                                                                                                                                                                                                            SHA-256:D5411A4C65860343B846D5503686181D3487CC324FC0562B4E5F3CD1662B80FE
                                                                                                                                                                                                            SHA-512:A885068D950307F1ABCF08DF41D3476174F02641105707EF3B81515D84F0F305DE84F6EA900421D250011EBFD4F3AFC1498CC4F3B14040E536CCB27FF6214C06
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):602432
                                                                                                                                                                                                            Entropy (8bit):6.4696654484377945
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
                                                                                                                                                                                                            MD5:A9941233B9415B479D3B4F3732161EAB
                                                                                                                                                                                                            SHA1:CB2D99AF52B3B1C712943B13E45D85C80C732E57
                                                                                                                                                                                                            SHA-256:CE34CC14E8D26119E1BF28A3A8368DA6E10D13851004E2675976C5AD58B122E2
                                                                                                                                                                                                            SHA-512:CFD6C425587E5E7C57B6F4655E2A48C871313E2BACF63CC0955CCAE1A384610644F26AA76BEE0A2A327CD77C2AE7DEF8EA9CB0C7C7C87FAB1C8196BAC82037F7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):602432
                                                                                                                                                                                                            Entropy (8bit):6.4696654484377945
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
                                                                                                                                                                                                            MD5:A9941233B9415B479D3B4F3732161EAB
                                                                                                                                                                                                            SHA1:CB2D99AF52B3B1C712943B13E45D85C80C732E57
                                                                                                                                                                                                            SHA-256:CE34CC14E8D26119E1BF28A3A8368DA6E10D13851004E2675976C5AD58B122E2
                                                                                                                                                                                                            SHA-512:CFD6C425587E5E7C57B6F4655E2A48C871313E2BACF63CC0955CCAE1A384610644F26AA76BEE0A2A327CD77C2AE7DEF8EA9CB0C7C7C87FAB1C8196BAC82037F7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):532727
                                                                                                                                                                                                            Entropy (8bit):7.23935922435014
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                            MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                            SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                            SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                            SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):37888
                                                                                                                                                                                                            Entropy (8bit):4.842865825224654
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:CzmYFEr6mMN+c28dt0n0cm99K8CaME86El8aJAvg5vinM8o:IErpO28Un0cm9o8CaME86El8aJAvghiC
                                                                                                                                                                                                            MD5:0ADAABBCABF39DD26C853535D7E49236
                                                                                                                                                                                                            SHA1:430F410E8ED7489C58BEFC22B9430E7EC6E02004
                                                                                                                                                                                                            SHA-256:16087C200AABC7DAED61B64F58BA60F783AEC40277230D11D5295EF4D9A54031
                                                                                                                                                                                                            SHA-512:5F48B348E7406C3617755312282AD5146A088CAD62FB703487A2F890B74A187E1288F2606B159A9BDF242531151B741B9FEF9F88B8E0D2F1967ABB2CD39EC5A0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1493
                                                                                                                                                                                                            Entropy (8bit):4.732294656481805
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB7ZtG9jDqRp:c0nd5t7q7WsFD7tztG96n
                                                                                                                                                                                                            MD5:01C01D040563A55E0FD31CC8DAA5F155
                                                                                                                                                                                                            SHA1:3C1C229703198F9772D7721357F1B90281917842
                                                                                                                                                                                                            SHA-256:33D947C04A10E3AFF3DCA3B779393FA56CE5F02251C8CBAE5076A125FDEA081F
                                                                                                                                                                                                            SHA-512:9C3F0CC17868479575090E1949E31A688B8C1CDFA56AC4A08CBE661466BB40ECFC94EA512DC4B64D5FF14A563F96F1E71C03B6EEACC42992455BD4F1C91F17D5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):28784
                                                                                                                                                                                                            Entropy (8bit):6.08346118574361
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:Njd3dLRRG0F3yFpRzAFgLU5pnsEdy4qy5NFa4ElKiH7A0/GDGwE3hgp:NjdF0pnqJy4qsFajwiHoDG9h
                                                                                                                                                                                                            MD5:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                            SHA1:4A22DBBEAA8CF660522BBF68C8FF029A10AAE017
                                                                                                                                                                                                            SHA-256:AF419AE180755DCDEE1903EDC604F9B1587DE3E7B392247C9089C5F679A760E4
                                                                                                                                                                                                            SHA-512:6AEC6DB0B8E7D22402E0A2A924A8E5C8505F3C85227AC67E6171AA0D6AEB6F4582D84FD0924090D98F859ECC92008C0C26D6EFFD60705A4A5C709A54B8445D96
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):184240
                                                                                                                                                                                                            Entropy (8bit):5.876033362692288
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):701992
                                                                                                                                                                                                            Entropy (8bit):5.940787194132384
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                                                                                                                                                                                            MD5:081D9558BBB7ADCE142DA153B2D5577A
                                                                                                                                                                                                            SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                                                                                                                                                                                            SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                                                                                                                                                                                            SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):34984
                                                                                                                                                                                                            Entropy (8bit):6.000650459314047
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:vpi8gAMeOlzzBbaERp8h3VGKrX1/LVtYcFSVc6KSDG2FhCZZ:xi8gAJbNlz9SVclBZZ
                                                                                                                                                                                                            MD5:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                            SHA1:64D5F0E3F7170C99ABADDCC09C26A44A83513871
                                                                                                                                                                                                            SHA-256:70B980E8E365BDB1883DB597455901F7CD75D727B3FF65198FB184510DC1C251
                                                                                                                                                                                                            SHA-512:C21BFBEE9C507FD6ED1D9F04800597E3923CED33E963FDDE76E1DAB8FF5DA2B5E8AFB1B8729E952C18869A4626B6274ECD603A93FD24157D380D94800AA3C437
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):532727
                                                                                                                                                                                                            Entropy (8bit):7.23935922435014
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                            MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                            SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                            SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                            SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):37888
                                                                                                                                                                                                            Entropy (8bit):4.842865825224654
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:CzmYFEr6mMN+c28dt0n0cm99K8CaME86El8aJAvg5vinM8o:IErpO28Un0cm9o8CaME86El8aJAvghiC
                                                                                                                                                                                                            MD5:0ADAABBCABF39DD26C853535D7E49236
                                                                                                                                                                                                            SHA1:430F410E8ED7489C58BEFC22B9430E7EC6E02004
                                                                                                                                                                                                            SHA-256:16087C200AABC7DAED61B64F58BA60F783AEC40277230D11D5295EF4D9A54031
                                                                                                                                                                                                            SHA-512:5F48B348E7406C3617755312282AD5146A088CAD62FB703487A2F890B74A187E1288F2606B159A9BDF242531151B741B9FEF9F88B8E0D2F1967ABB2CD39EC5A0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1493
                                                                                                                                                                                                            Entropy (8bit):4.732294656481805
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB7ZtG9jDqRp:c0nd5t7q7WsFD7tztG96n
                                                                                                                                                                                                            MD5:01C01D040563A55E0FD31CC8DAA5F155
                                                                                                                                                                                                            SHA1:3C1C229703198F9772D7721357F1B90281917842
                                                                                                                                                                                                            SHA-256:33D947C04A10E3AFF3DCA3B779393FA56CE5F02251C8CBAE5076A125FDEA081F
                                                                                                                                                                                                            SHA-512:9C3F0CC17868479575090E1949E31A688B8C1CDFA56AC4A08CBE661466BB40ECFC94EA512DC4B64D5FF14A563F96F1E71C03B6EEACC42992455BD4F1C91F17D5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):28784
                                                                                                                                                                                                            Entropy (8bit):6.08346118574361
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:Njd3dLRRG0F3yFpRzAFgLU5pnsEdy4qy5NFa4ElKiH7A0/GDGwE3hgp:NjdF0pnqJy4qsFajwiHoDG9h
                                                                                                                                                                                                            MD5:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                            SHA1:4A22DBBEAA8CF660522BBF68C8FF029A10AAE017
                                                                                                                                                                                                            SHA-256:AF419AE180755DCDEE1903EDC604F9B1587DE3E7B392247C9089C5F679A760E4
                                                                                                                                                                                                            SHA-512:6AEC6DB0B8E7D22402E0A2A924A8E5C8505F3C85227AC67E6171AA0D6AEB6F4582D84FD0924090D98F859ECC92008C0C26D6EFFD60705A4A5C709A54B8445D96
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):184240
                                                                                                                                                                                                            Entropy (8bit):5.876033362692288
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):701992
                                                                                                                                                                                                            Entropy (8bit):5.940787194132384
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                                                                                                                                                                                            MD5:081D9558BBB7ADCE142DA153B2D5577A
                                                                                                                                                                                                            SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                                                                                                                                                                                            SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                                                                                                                                                                                            SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):34984
                                                                                                                                                                                                            Entropy (8bit):6.000650459314047
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:vpi8gAMeOlzzBbaERp8h3VGKrX1/LVtYcFSVc6KSDG2FhCZZ:xi8gAJbNlz9SVclBZZ
                                                                                                                                                                                                            MD5:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                            SHA1:64D5F0E3F7170C99ABADDCC09C26A44A83513871
                                                                                                                                                                                                            SHA-256:70B980E8E365BDB1883DB597455901F7CD75D727B3FF65198FB184510DC1C251
                                                                                                                                                                                                            SHA-512:C21BFBEE9C507FD6ED1D9F04800597E3923CED33E963FDDE76E1DAB8FF5DA2B5E8AFB1B8729E952C18869A4626B6274ECD603A93FD24157D380D94800AA3C437
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):532727
                                                                                                                                                                                                            Entropy (8bit):7.23935922435014
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                            MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                            SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                            SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                            SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):37888
                                                                                                                                                                                                            Entropy (8bit):4.842865825224654
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:CzmYFEr6mMN+c28dt0n0cm99K8CaME86El8aJAvg5vinM8o:IErpO28Un0cm9o8CaME86El8aJAvghiC
                                                                                                                                                                                                            MD5:0ADAABBCABF39DD26C853535D7E49236
                                                                                                                                                                                                            SHA1:430F410E8ED7489C58BEFC22B9430E7EC6E02004
                                                                                                                                                                                                            SHA-256:16087C200AABC7DAED61B64F58BA60F783AEC40277230D11D5295EF4D9A54031
                                                                                                                                                                                                            SHA-512:5F48B348E7406C3617755312282AD5146A088CAD62FB703487A2F890B74A187E1288F2606B159A9BDF242531151B741B9FEF9F88B8E0D2F1967ABB2CD39EC5A0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1493
                                                                                                                                                                                                            Entropy (8bit):4.732294656481805
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB7ZtG9jDqRp:c0nd5t7q7WsFD7tztG96n
                                                                                                                                                                                                            MD5:01C01D040563A55E0FD31CC8DAA5F155
                                                                                                                                                                                                            SHA1:3C1C229703198F9772D7721357F1B90281917842
                                                                                                                                                                                                            SHA-256:33D947C04A10E3AFF3DCA3B779393FA56CE5F02251C8CBAE5076A125FDEA081F
                                                                                                                                                                                                            SHA-512:9C3F0CC17868479575090E1949E31A688B8C1CDFA56AC4A08CBE661466BB40ECFC94EA512DC4B64D5FF14A563F96F1E71C03B6EEACC42992455BD4F1C91F17D5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):28784
                                                                                                                                                                                                            Entropy (8bit):6.08346118574361
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:Njd3dLRRG0F3yFpRzAFgLU5pnsEdy4qy5NFa4ElKiH7A0/GDGwE3hgp:NjdF0pnqJy4qsFajwiHoDG9h
                                                                                                                                                                                                            MD5:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                            SHA1:4A22DBBEAA8CF660522BBF68C8FF029A10AAE017
                                                                                                                                                                                                            SHA-256:AF419AE180755DCDEE1903EDC604F9B1587DE3E7B392247C9089C5F679A760E4
                                                                                                                                                                                                            SHA-512:6AEC6DB0B8E7D22402E0A2A924A8E5C8505F3C85227AC67E6171AA0D6AEB6F4582D84FD0924090D98F859ECC92008C0C26D6EFFD60705A4A5C709A54B8445D96
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):184240
                                                                                                                                                                                                            Entropy (8bit):5.876033362692288
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):701992
                                                                                                                                                                                                            Entropy (8bit):5.940787194132384
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                                                                                                                                                                                            MD5:081D9558BBB7ADCE142DA153B2D5577A
                                                                                                                                                                                                            SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                                                                                                                                                                                            SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                                                                                                                                                                                            SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):34984
                                                                                                                                                                                                            Entropy (8bit):6.000650459314047
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:vpi8gAMeOlzzBbaERp8h3VGKrX1/LVtYcFSVc6KSDG2FhCZZ:xi8gAJbNlz9SVclBZZ
                                                                                                                                                                                                            MD5:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                            SHA1:64D5F0E3F7170C99ABADDCC09C26A44A83513871
                                                                                                                                                                                                            SHA-256:70B980E8E365BDB1883DB597455901F7CD75D727B3FF65198FB184510DC1C251
                                                                                                                                                                                                            SHA-512:C21BFBEE9C507FD6ED1D9F04800597E3923CED33E963FDDE76E1DAB8FF5DA2B5E8AFB1B8729E952C18869A4626B6274ECD603A93FD24157D380D94800AA3C437
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):726848
                                                                                                                                                                                                            Entropy (8bit):6.4584085143991095
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:ogaGWXLiDt5i+jfNIQTVhQNvj3jAszYzGLwQq63Trzzt5O0Qn2enGCeoa:FrBT6vj3cszYO5O0Qn2oGCeoa
                                                                                                                                                                                                            MD5:9863AD412FA5529D5A712EF228AC6E2B
                                                                                                                                                                                                            SHA1:BDA741FD705277C29379B01100A162E922F76583
                                                                                                                                                                                                            SHA-256:502CCBE31FE0F984A2FA0610EE6385A3E478CD866E19208E229B6EF8FCFB2934
                                                                                                                                                                                                            SHA-512:8F64B1AC2423EB6EBBD2853A985711C030F54279599382B3CBC3DE4EBB90A98A0273172A85D65E5E78CAE419E928FB787715EA9F2C8285662C89B25D6B584CB0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):80800
                                                                                                                                                                                                            Entropy (8bit):6.781496286846518
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:FRk1rh/be3Z1bij+8xG+sQxzQF50I9VSHIecbWZOUXYOe0/zuvY:FRk/+Z1z8s+s+QrTmIecbWIA7//gY
                                                                                                                                                                                                            MD5:1E6E97D60D411A2DEE8964D3D05ADB15
                                                                                                                                                                                                            SHA1:0A2FE6EC6B6675C44998C282DBB1CD8787612FAF
                                                                                                                                                                                                            SHA-256:8598940E498271B542F2C04998626AA680F2172D0FF4F8DBD4FFEC1A196540F9
                                                                                                                                                                                                            SHA-512:3F7D79079C57786051A2F7FACFB1046188049E831F12B549609A8F152664678EE35AD54D1FFF4447428B6F76BEA1C7CA88FA96AAB395A560C6EC598344FCC7FA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):80800
                                                                                                                                                                                                            Entropy (8bit):6.781496286846518
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:FRk1rh/be3Z1bij+8xG+sQxzQF50I9VSHIecbWZOUXYOe0/zuvY:FRk/+Z1z8s+s+QrTmIecbWIA7//gY
                                                                                                                                                                                                            MD5:1E6E97D60D411A2DEE8964D3D05ADB15
                                                                                                                                                                                                            SHA1:0A2FE6EC6B6675C44998C282DBB1CD8787612FAF
                                                                                                                                                                                                            SHA-256:8598940E498271B542F2C04998626AA680F2172D0FF4F8DBD4FFEC1A196540F9
                                                                                                                                                                                                            SHA-512:3F7D79079C57786051A2F7FACFB1046188049E831F12B549609A8F152664678EE35AD54D1FFF4447428B6F76BEA1C7CA88FA96AAB395A560C6EC598344FCC7FA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):440144
                                                                                                                                                                                                            Entropy (8bit):6.586214016423998
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:tbiQnSDqYisDEiD3jbTFiuiSiO+kP53nUNlQK:tbvnSDqJsDEiD3PTFTFiS53UNWK
                                                                                                                                                                                                            MD5:C56ED5776A11DFD94CDDD9A512B39E3C
                                                                                                                                                                                                            SHA1:147339B7E75B9A32601BB04A5A597A7F81DDB201
                                                                                                                                                                                                            SHA-256:ABF6C7C0E77D4CAD109B9B7A2CEFF9E2066C4B0A6A8730AECED89D9A9B7E8CC4
                                                                                                                                                                                                            SHA-512:FC214684D608D4DBC643C256516E65793399BDF8798940D68B32CD8F84F265C3AC5DDD3E5AC4C8CD1866D0C130F2AA0FAEA39592414D1002642D83A16DF06A19
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {F451DF01-DEEE-4799-9D74-C13F54F5C275}, Number of Words: 2, Subject: ScreenBeam Conference, Author: ScreenBeam Inc., Name of Creating Application: ScreenBeam Conference, Template: x64;1033, Comments: ScreenBeam Conference Installer, Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Nov 21 03:04:58 2023, Number of Pages: 200
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):102197248
                                                                                                                                                                                                            Entropy (8bit):7.970392187750961
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3145728:9De0/dkW7EDe0/GjVLME6DzmcfbQVmHtNSj9:9De0OWgDe08ITfbQVm/Sj
                                                                                                                                                                                                            MD5:80744017CD0EDE4BC3C925568C88FAC5
                                                                                                                                                                                                            SHA1:8B9BFCA894FD934C37E3B5AC237956A36AC1CF69
                                                                                                                                                                                                            SHA-256:3C1B3C446DBACA7916FE7A8294637D831047891DE5163BB53D3CA776A37E220E
                                                                                                                                                                                                            SHA-512:9055DC051D711F13036F240AF5AE3CE48A309A0C154BF0DE93B5D0EFA90DC6A43478CA88A12741E0625D407C68264E2C5BCD5909E2A902BDAE735650EDB7E9A7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):803131
                                                                                                                                                                                                            Entropy (8bit):6.548659701612692
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:xr/4xC95xMMFd8JUSWRAIUcoN4xC95xMMFd8JUSWRAIUcoR:xeC95xMicwCIUcoNeC95xMicwCIUcoR
                                                                                                                                                                                                            MD5:73EFF6EA3005E26D8C9A00518189C887
                                                                                                                                                                                                            SHA1:98E09E2D0AC8087F3160BA5B551E0E16F84E5E5A
                                                                                                                                                                                                            SHA-256:9D0D8955C670B66E6AA4BF97497FEC952F31040584F9A6DEB50F87DFBFBEAB7E
                                                                                                                                                                                                            SHA-512:B4FF1ED3B19A6073246B1B0633D11D0F44FC66C8A3C6196BE7AFE02CD55269E28B5A9B742A556786C92C18932C49910D0623FAC24DF6EFB7BBC06C32D9AEDB87
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:...@IXOS.@.....@...W.@.....@.....@.....@.....@.....@......&.{9C551A83-C7FC-408C-96BE-AF933DBAD65B}..ScreenBeam Conference!.ScreenBeam_Conference_Windows.msi.@.....@.....@.....@......ScreenBeam.exe..&.{F451DF01-DEEE-4799-9D74-C13F54F5C275}.....@.....@.....@.....@.......@.....@.....@.......@......ScreenBeam Conference......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{7199D981-9853-484B-8139-2C2B34F1FA2A}'.C:\Program Files\ScreenBeam\Conference\.@.......@.....@.....@......&.{EC32DB67-553E-42DB-8AB0-D93C26D64C7E}:.22:\Software\ScreenBeam Inc.\ScreenBeam Conference\Version.@.......@.....@.....@......&.{85245CA4-064E-4C9A-A44A-343774C760F3}9.C:\Program Files\ScreenBeam\Conference\app\ControlzEx.dll.@.......@.....@.....@......&.{041A7DD2-445F-4C98-9186-26507D7F21CB}9.C:\Program Files\ScreenBeam\Conference\app\ControlzEx.xml.@.......@.....@.....@......&.{842B369E
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):532727
                                                                                                                                                                                                            Entropy (8bit):7.23935922435014
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                            MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                            SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                            SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                            SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):37888
                                                                                                                                                                                                            Entropy (8bit):4.842865825224654
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:CzmYFEr6mMN+c28dt0n0cm99K8CaME86El8aJAvg5vinM8o:IErpO28Un0cm9o8CaME86El8aJAvghiC
                                                                                                                                                                                                            MD5:0ADAABBCABF39DD26C853535D7E49236
                                                                                                                                                                                                            SHA1:430F410E8ED7489C58BEFC22B9430E7EC6E02004
                                                                                                                                                                                                            SHA-256:16087C200AABC7DAED61B64F58BA60F783AEC40277230D11D5295EF4D9A54031
                                                                                                                                                                                                            SHA-512:5F48B348E7406C3617755312282AD5146A088CAD62FB703487A2F890B74A187E1288F2606B159A9BDF242531151B741B9FEF9F88B8E0D2F1967ABB2CD39EC5A0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1493
                                                                                                                                                                                                            Entropy (8bit):4.732294656481805
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB7ZtG9jDqRp:c0nd5t7q7WsFD7tztG96n
                                                                                                                                                                                                            MD5:01C01D040563A55E0FD31CC8DAA5F155
                                                                                                                                                                                                            SHA1:3C1C229703198F9772D7721357F1B90281917842
                                                                                                                                                                                                            SHA-256:33D947C04A10E3AFF3DCA3B779393FA56CE5F02251C8CBAE5076A125FDEA081F
                                                                                                                                                                                                            SHA-512:9C3F0CC17868479575090E1949E31A688B8C1CDFA56AC4A08CBE661466BB40ECFC94EA512DC4B64D5FF14A563F96F1E71C03B6EEACC42992455BD4F1C91F17D5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):28784
                                                                                                                                                                                                            Entropy (8bit):6.08346118574361
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:Njd3dLRRG0F3yFpRzAFgLU5pnsEdy4qy5NFa4ElKiH7A0/GDGwE3hgp:NjdF0pnqJy4qsFajwiHoDG9h
                                                                                                                                                                                                            MD5:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                            SHA1:4A22DBBEAA8CF660522BBF68C8FF029A10AAE017
                                                                                                                                                                                                            SHA-256:AF419AE180755DCDEE1903EDC604F9B1587DE3E7B392247C9089C5F679A760E4
                                                                                                                                                                                                            SHA-512:6AEC6DB0B8E7D22402E0A2A924A8E5C8505F3C85227AC67E6171AA0D6AEB6F4582D84FD0924090D98F859ECC92008C0C26D6EFFD60705A4A5C709A54B8445D96
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):184240
                                                                                                                                                                                                            Entropy (8bit):5.876033362692288
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):701992
                                                                                                                                                                                                            Entropy (8bit):5.940787194132384
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                                                                                                                                                                                            MD5:081D9558BBB7ADCE142DA153B2D5577A
                                                                                                                                                                                                            SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                                                                                                                                                                                            SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                                                                                                                                                                                            SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):34984
                                                                                                                                                                                                            Entropy (8bit):6.000650459314047
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:vpi8gAMeOlzzBbaERp8h3VGKrX1/LVtYcFSVc6KSDG2FhCZZ:xi8gAJbNlz9SVclBZZ
                                                                                                                                                                                                            MD5:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                            SHA1:64D5F0E3F7170C99ABADDCC09C26A44A83513871
                                                                                                                                                                                                            SHA-256:70B980E8E365BDB1883DB597455901F7CD75D727B3FF65198FB184510DC1C251
                                                                                                                                                                                                            SHA-512:C21BFBEE9C507FD6ED1D9F04800597E3923CED33E963FDDE76E1DAB8FF5DA2B5E8AFB1B8729E952C18869A4626B6274ECD603A93FD24157D380D94800AA3C437
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):532727
                                                                                                                                                                                                            Entropy (8bit):7.23935922435014
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                            MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                            SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                            SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                            SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):37888
                                                                                                                                                                                                            Entropy (8bit):4.842865825224654
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:CzmYFEr6mMN+c28dt0n0cm99K8CaME86El8aJAvg5vinM8o:IErpO28Un0cm9o8CaME86El8aJAvghiC
                                                                                                                                                                                                            MD5:0ADAABBCABF39DD26C853535D7E49236
                                                                                                                                                                                                            SHA1:430F410E8ED7489C58BEFC22B9430E7EC6E02004
                                                                                                                                                                                                            SHA-256:16087C200AABC7DAED61B64F58BA60F783AEC40277230D11D5295EF4D9A54031
                                                                                                                                                                                                            SHA-512:5F48B348E7406C3617755312282AD5146A088CAD62FB703487A2F890B74A187E1288F2606B159A9BDF242531151B741B9FEF9F88B8E0D2F1967ABB2CD39EC5A0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1493
                                                                                                                                                                                                            Entropy (8bit):4.732294656481805
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB7ZtG9jDqRp:c0nd5t7q7WsFD7tztG96n
                                                                                                                                                                                                            MD5:01C01D040563A55E0FD31CC8DAA5F155
                                                                                                                                                                                                            SHA1:3C1C229703198F9772D7721357F1B90281917842
                                                                                                                                                                                                            SHA-256:33D947C04A10E3AFF3DCA3B779393FA56CE5F02251C8CBAE5076A125FDEA081F
                                                                                                                                                                                                            SHA-512:9C3F0CC17868479575090E1949E31A688B8C1CDFA56AC4A08CBE661466BB40ECFC94EA512DC4B64D5FF14A563F96F1E71C03B6EEACC42992455BD4F1C91F17D5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):28784
                                                                                                                                                                                                            Entropy (8bit):6.08346118574361
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:Njd3dLRRG0F3yFpRzAFgLU5pnsEdy4qy5NFa4ElKiH7A0/GDGwE3hgp:NjdF0pnqJy4qsFajwiHoDG9h
                                                                                                                                                                                                            MD5:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                            SHA1:4A22DBBEAA8CF660522BBF68C8FF029A10AAE017
                                                                                                                                                                                                            SHA-256:AF419AE180755DCDEE1903EDC604F9B1587DE3E7B392247C9089C5F679A760E4
                                                                                                                                                                                                            SHA-512:6AEC6DB0B8E7D22402E0A2A924A8E5C8505F3C85227AC67E6171AA0D6AEB6F4582D84FD0924090D98F859ECC92008C0C26D6EFFD60705A4A5C709A54B8445D96
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):184240
                                                                                                                                                                                                            Entropy (8bit):5.876033362692288
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):701992
                                                                                                                                                                                                            Entropy (8bit):5.940787194132384
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                                                                                                                                                                                            MD5:081D9558BBB7ADCE142DA153B2D5577A
                                                                                                                                                                                                            SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                                                                                                                                                                                            SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                                                                                                                                                                                            SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):34984
                                                                                                                                                                                                            Entropy (8bit):6.000650459314047
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:vpi8gAMeOlzzBbaERp8h3VGKrX1/LVtYcFSVc6KSDG2FhCZZ:xi8gAJbNlz9SVclBZZ
                                                                                                                                                                                                            MD5:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                            SHA1:64D5F0E3F7170C99ABADDCC09C26A44A83513871
                                                                                                                                                                                                            SHA-256:70B980E8E365BDB1883DB597455901F7CD75D727B3FF65198FB184510DC1C251
                                                                                                                                                                                                            SHA-512:C21BFBEE9C507FD6ED1D9F04800597E3923CED33E963FDDE76E1DAB8FF5DA2B5E8AFB1B8729E952C18869A4626B6274ECD603A93FD24157D380D94800AA3C437
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):353600
                                                                                                                                                                                                            Entropy (8bit):6.524155130898608
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:/4xsB95xMzgFkesmW1XAOKoUSUU++VWRAItCcoL:/4xC95xMMFd8JUSWRAIUcoL
                                                                                                                                                                                                            MD5:BE89B6F7002085A772991D0A12F74750
                                                                                                                                                                                                            SHA1:F80538233AC4B4E72E945683FB4DBC3B30115F51
                                                                                                                                                                                                            SHA-256:FBA201FCA51358E2CF0368CEF6DF81D593F48581B85A97E29CEB9F64BE0172EB
                                                                                                                                                                                                            SHA-512:4D0D5DAAE8EA2389F92B795AF0FFCB413504BF829D3ED593CD164100251A7BE3D14483C32A7721ED68F6BA2F8D46D1A2CAF3B72C60A2146E7BAC12AED159469B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):353600
                                                                                                                                                                                                            Entropy (8bit):6.524155130898608
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:/4xsB95xMzgFkesmW1XAOKoUSUU++VWRAItCcoL:/4xC95xMMFd8JUSWRAIUcoL
                                                                                                                                                                                                            MD5:BE89B6F7002085A772991D0A12F74750
                                                                                                                                                                                                            SHA1:F80538233AC4B4E72E945683FB4DBC3B30115F51
                                                                                                                                                                                                            SHA-256:FBA201FCA51358E2CF0368CEF6DF81D593F48581B85A97E29CEB9F64BE0172EB
                                                                                                                                                                                                            SHA-512:4D0D5DAAE8EA2389F92B795AF0FFCB413504BF829D3ED593CD164100251A7BE3D14483C32A7721ED68F6BA2F8D46D1A2CAF3B72C60A2146E7BAC12AED159469B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):532727
                                                                                                                                                                                                            Entropy (8bit):7.23935922435014
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                            MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                            SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                            SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                            SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):532727
                                                                                                                                                                                                            Entropy (8bit):7.23935922435014
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                            MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                            SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                            SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                            SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                            Size (bytes):532727
                                                                                                                                                                                                            Entropy (8bit):7.23935922435014
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                            MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                            SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                            SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                            SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):37888
                                                                                                                                                                                                            Entropy (8bit):4.842865825224654
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:CzmYFEr6mMN+c28dt0n0cm99K8CaME86El8aJAvg5vinM8o:IErpO28Un0cm9o8CaME86El8aJAvghiC
                                                                                                                                                                                                            MD5:0ADAABBCABF39DD26C853535D7E49236
                                                                                                                                                                                                            SHA1:430F410E8ED7489C58BEFC22B9430E7EC6E02004
                                                                                                                                                                                                            SHA-256:16087C200AABC7DAED61B64F58BA60F783AEC40277230D11D5295EF4D9A54031
                                                                                                                                                                                                            SHA-512:5F48B348E7406C3617755312282AD5146A088CAD62FB703487A2F890B74A187E1288F2606B159A9BDF242531151B741B9FEF9F88B8E0D2F1967ABB2CD39EC5A0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1493
                                                                                                                                                                                                            Entropy (8bit):4.732294656481805
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB7ZtG9jDqRp:c0nd5t7q7WsFD7tztG96n
                                                                                                                                                                                                            MD5:01C01D040563A55E0FD31CC8DAA5F155
                                                                                                                                                                                                            SHA1:3C1C229703198F9772D7721357F1B90281917842
                                                                                                                                                                                                            SHA-256:33D947C04A10E3AFF3DCA3B779393FA56CE5F02251C8CBAE5076A125FDEA081F
                                                                                                                                                                                                            SHA-512:9C3F0CC17868479575090E1949E31A688B8C1CDFA56AC4A08CBE661466BB40ECFC94EA512DC4B64D5FF14A563F96F1E71C03B6EEACC42992455BD4F1C91F17D5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):28784
                                                                                                                                                                                                            Entropy (8bit):6.08346118574361
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:Njd3dLRRG0F3yFpRzAFgLU5pnsEdy4qy5NFa4ElKiH7A0/GDGwE3hgp:NjdF0pnqJy4qsFajwiHoDG9h
                                                                                                                                                                                                            MD5:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                            SHA1:4A22DBBEAA8CF660522BBF68C8FF029A10AAE017
                                                                                                                                                                                                            SHA-256:AF419AE180755DCDEE1903EDC604F9B1587DE3E7B392247C9089C5F679A760E4
                                                                                                                                                                                                            SHA-512:6AEC6DB0B8E7D22402E0A2A924A8E5C8505F3C85227AC67E6171AA0D6AEB6F4582D84FD0924090D98F859ECC92008C0C26D6EFFD60705A4A5C709A54B8445D96
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):184240
                                                                                                                                                                                                            Entropy (8bit):5.876033362692288
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):701992
                                                                                                                                                                                                            Entropy (8bit):5.940787194132384
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                                                                                                                                                                                            MD5:081D9558BBB7ADCE142DA153B2D5577A
                                                                                                                                                                                                            SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                                                                                                                                                                                            SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                                                                                                                                                                                            SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):34984
                                                                                                                                                                                                            Entropy (8bit):6.000650459314047
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:vpi8gAMeOlzzBbaERp8h3VGKrX1/LVtYcFSVc6KSDG2FhCZZ:xi8gAJbNlz9SVclBZZ
                                                                                                                                                                                                            MD5:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                            SHA1:64D5F0E3F7170C99ABADDCC09C26A44A83513871
                                                                                                                                                                                                            SHA-256:70B980E8E365BDB1883DB597455901F7CD75D727B3FF65198FB184510DC1C251
                                                                                                                                                                                                            SHA-512:C21BFBEE9C507FD6ED1D9F04800597E3923CED33E963FDDE76E1DAB8FF5DA2B5E8AFB1B8729E952C18869A4626B6274ECD603A93FD24157D380D94800AA3C437
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):602432
                                                                                                                                                                                                            Entropy (8bit):6.4696654484377945
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
                                                                                                                                                                                                            MD5:A9941233B9415B479D3B4F3732161EAB
                                                                                                                                                                                                            SHA1:CB2D99AF52B3B1C712943B13E45D85C80C732E57
                                                                                                                                                                                                            SHA-256:CE34CC14E8D26119E1BF28A3A8368DA6E10D13851004E2675976C5AD58B122E2
                                                                                                                                                                                                            SHA-512:CFD6C425587E5E7C57B6F4655E2A48C871313E2BACF63CC0955CCAE1A384610644F26AA76BEE0A2A327CD77C2AE7DEF8EA9CB0C7C7C87FAB1C8196BAC82037F7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):726848
                                                                                                                                                                                                            Entropy (8bit):6.4584085143991095
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:ogaGWXLiDt5i+jfNIQTVhQNvj3jAszYzGLwQq63Trzzt5O0Qn2enGCeoa:FrBT6vj3cszYO5O0Qn2oGCeoa
                                                                                                                                                                                                            MD5:9863AD412FA5529D5A712EF228AC6E2B
                                                                                                                                                                                                            SHA1:BDA741FD705277C29379B01100A162E922F76583
                                                                                                                                                                                                            SHA-256:502CCBE31FE0F984A2FA0610EE6385A3E478CD866E19208E229B6EF8FCFB2934
                                                                                                                                                                                                            SHA-512:8F64B1AC2423EB6EBBD2853A985711C030F54279599382B3CBC3DE4EBB90A98A0273172A85D65E5E78CAE419E928FB787715EA9F2C8285662C89B25D6B584CB0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):532727
                                                                                                                                                                                                            Entropy (8bit):7.23935922435014
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                            MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                            SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                            SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                            SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):37888
                                                                                                                                                                                                            Entropy (8bit):4.842865825224654
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:CzmYFEr6mMN+c28dt0n0cm99K8CaME86El8aJAvg5vinM8o:IErpO28Un0cm9o8CaME86El8aJAvghiC
                                                                                                                                                                                                            MD5:0ADAABBCABF39DD26C853535D7E49236
                                                                                                                                                                                                            SHA1:430F410E8ED7489C58BEFC22B9430E7EC6E02004
                                                                                                                                                                                                            SHA-256:16087C200AABC7DAED61B64F58BA60F783AEC40277230D11D5295EF4D9A54031
                                                                                                                                                                                                            SHA-512:5F48B348E7406C3617755312282AD5146A088CAD62FB703487A2F890B74A187E1288F2606B159A9BDF242531151B741B9FEF9F88B8E0D2F1967ABB2CD39EC5A0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1493
                                                                                                                                                                                                            Entropy (8bit):4.732294656481805
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB7ZtG9jDqRp:c0nd5t7q7WsFD7tztG96n
                                                                                                                                                                                                            MD5:01C01D040563A55E0FD31CC8DAA5F155
                                                                                                                                                                                                            SHA1:3C1C229703198F9772D7721357F1B90281917842
                                                                                                                                                                                                            SHA-256:33D947C04A10E3AFF3DCA3B779393FA56CE5F02251C8CBAE5076A125FDEA081F
                                                                                                                                                                                                            SHA-512:9C3F0CC17868479575090E1949E31A688B8C1CDFA56AC4A08CBE661466BB40ECFC94EA512DC4B64D5FF14A563F96F1E71C03B6EEACC42992455BD4F1C91F17D5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):28784
                                                                                                                                                                                                            Entropy (8bit):6.08346118574361
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:Njd3dLRRG0F3yFpRzAFgLU5pnsEdy4qy5NFa4ElKiH7A0/GDGwE3hgp:NjdF0pnqJy4qsFajwiHoDG9h
                                                                                                                                                                                                            MD5:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                            SHA1:4A22DBBEAA8CF660522BBF68C8FF029A10AAE017
                                                                                                                                                                                                            SHA-256:AF419AE180755DCDEE1903EDC604F9B1587DE3E7B392247C9089C5F679A760E4
                                                                                                                                                                                                            SHA-512:6AEC6DB0B8E7D22402E0A2A924A8E5C8505F3C85227AC67E6171AA0D6AEB6F4582D84FD0924090D98F859ECC92008C0C26D6EFFD60705A4A5C709A54B8445D96
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):184240
                                                                                                                                                                                                            Entropy (8bit):5.876033362692288
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):701992
                                                                                                                                                                                                            Entropy (8bit):5.940787194132384
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                                                                                                                                                                                            MD5:081D9558BBB7ADCE142DA153B2D5577A
                                                                                                                                                                                                            SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                                                                                                                                                                                            SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                                                                                                                                                                                            SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):34984
                                                                                                                                                                                                            Entropy (8bit):6.000650459314047
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:vpi8gAMeOlzzBbaERp8h3VGKrX1/LVtYcFSVc6KSDG2FhCZZ:xi8gAJbNlz9SVclBZZ
                                                                                                                                                                                                            MD5:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                            SHA1:64D5F0E3F7170C99ABADDCC09C26A44A83513871
                                                                                                                                                                                                            SHA-256:70B980E8E365BDB1883DB597455901F7CD75D727B3FF65198FB184510DC1C251
                                                                                                                                                                                                            SHA-512:C21BFBEE9C507FD6ED1D9F04800597E3923CED33E963FDDE76E1DAB8FF5DA2B5E8AFB1B8729E952C18869A4626B6274ECD603A93FD24157D380D94800AA3C437
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):602432
                                                                                                                                                                                                            Entropy (8bit):6.4696654484377945
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
                                                                                                                                                                                                            MD5:A9941233B9415B479D3B4F3732161EAB
                                                                                                                                                                                                            SHA1:CB2D99AF52B3B1C712943B13E45D85C80C732E57
                                                                                                                                                                                                            SHA-256:CE34CC14E8D26119E1BF28A3A8368DA6E10D13851004E2675976C5AD58B122E2
                                                                                                                                                                                                            SHA-512:CFD6C425587E5E7C57B6F4655E2A48C871313E2BACF63CC0955CCAE1A384610644F26AA76BEE0A2A327CD77C2AE7DEF8EA9CB0C7C7C87FAB1C8196BAC82037F7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):602432
                                                                                                                                                                                                            Entropy (8bit):6.4696654484377945
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
                                                                                                                                                                                                            MD5:A9941233B9415B479D3B4F3732161EAB
                                                                                                                                                                                                            SHA1:CB2D99AF52B3B1C712943B13E45D85C80C732E57
                                                                                                                                                                                                            SHA-256:CE34CC14E8D26119E1BF28A3A8368DA6E10D13851004E2675976C5AD58B122E2
                                                                                                                                                                                                            SHA-512:CFD6C425587E5E7C57B6F4655E2A48C871313E2BACF63CC0955CCAE1A384610644F26AA76BEE0A2A327CD77C2AE7DEF8EA9CB0C7C7C87FAB1C8196BAC82037F7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):532727
                                                                                                                                                                                                            Entropy (8bit):7.23935922435014
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                            MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                            SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                            SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                            SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):37888
                                                                                                                                                                                                            Entropy (8bit):4.842865825224654
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:CzmYFEr6mMN+c28dt0n0cm99K8CaME86El8aJAvg5vinM8o:IErpO28Un0cm9o8CaME86El8aJAvghiC
                                                                                                                                                                                                            MD5:0ADAABBCABF39DD26C853535D7E49236
                                                                                                                                                                                                            SHA1:430F410E8ED7489C58BEFC22B9430E7EC6E02004
                                                                                                                                                                                                            SHA-256:16087C200AABC7DAED61B64F58BA60F783AEC40277230D11D5295EF4D9A54031
                                                                                                                                                                                                            SHA-512:5F48B348E7406C3617755312282AD5146A088CAD62FB703487A2F890B74A187E1288F2606B159A9BDF242531151B741B9FEF9F88B8E0D2F1967ABB2CD39EC5A0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1493
                                                                                                                                                                                                            Entropy (8bit):4.732294656481805
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB7ZtG9jDqRp:c0nd5t7q7WsFD7tztG96n
                                                                                                                                                                                                            MD5:01C01D040563A55E0FD31CC8DAA5F155
                                                                                                                                                                                                            SHA1:3C1C229703198F9772D7721357F1B90281917842
                                                                                                                                                                                                            SHA-256:33D947C04A10E3AFF3DCA3B779393FA56CE5F02251C8CBAE5076A125FDEA081F
                                                                                                                                                                                                            SHA-512:9C3F0CC17868479575090E1949E31A688B8C1CDFA56AC4A08CBE661466BB40ECFC94EA512DC4B64D5FF14A563F96F1E71C03B6EEACC42992455BD4F1C91F17D5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):28784
                                                                                                                                                                                                            Entropy (8bit):6.08346118574361
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:Njd3dLRRG0F3yFpRzAFgLU5pnsEdy4qy5NFa4ElKiH7A0/GDGwE3hgp:NjdF0pnqJy4qsFajwiHoDG9h
                                                                                                                                                                                                            MD5:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                            SHA1:4A22DBBEAA8CF660522BBF68C8FF029A10AAE017
                                                                                                                                                                                                            SHA-256:AF419AE180755DCDEE1903EDC604F9B1587DE3E7B392247C9089C5F679A760E4
                                                                                                                                                                                                            SHA-512:6AEC6DB0B8E7D22402E0A2A924A8E5C8505F3C85227AC67E6171AA0D6AEB6F4582D84FD0924090D98F859ECC92008C0C26D6EFFD60705A4A5C709A54B8445D96
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):184240
                                                                                                                                                                                                            Entropy (8bit):5.876033362692288
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):701992
                                                                                                                                                                                                            Entropy (8bit):5.940787194132384
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                                                                                                                                                                                            MD5:081D9558BBB7ADCE142DA153B2D5577A
                                                                                                                                                                                                            SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                                                                                                                                                                                            SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                                                                                                                                                                                            SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                            Size (bytes):34984
                                                                                                                                                                                                            Entropy (8bit):6.000650459314047
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:vpi8gAMeOlzzBbaERp8h3VGKrX1/LVtYcFSVc6KSDG2FhCZZ:xi8gAJbNlz9SVclBZZ
                                                                                                                                                                                                            MD5:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                            SHA1:64D5F0E3F7170C99ABADDCC09C26A44A83513871
                                                                                                                                                                                                            SHA-256:70B980E8E365BDB1883DB597455901F7CD75D727B3FF65198FB184510DC1C251
                                                                                                                                                                                                            SHA-512:C21BFBEE9C507FD6ED1D9F04800597E3923CED33E963FDDE76E1DAB8FF5DA2B5E8AFB1B8729E952C18869A4626B6274ECD603A93FD24157D380D94800AA3C437
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):602432
                                                                                                                                                                                                            Entropy (8bit):6.4696654484377945
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:waFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOlKmN9ysU5pvs8g73iK:JYL9HXVW0xOA+KlZC4vA55s8g73iK
                                                                                                                                                                                                            MD5:A9941233B9415B479D3B4F3732161EAB
                                                                                                                                                                                                            SHA1:CB2D99AF52B3B1C712943B13E45D85C80C732E57
                                                                                                                                                                                                            SHA-256:CE34CC14E8D26119E1BF28A3A8368DA6E10D13851004E2675976C5AD58B122E2
                                                                                                                                                                                                            SHA-512:CFD6C425587E5E7C57B6F4655E2A48C871313E2BACF63CC0955CCAE1A384610644F26AA76BEE0A2A327CD77C2AE7DEF8EA9CB0C7C7C87FAB1C8196BAC82037F7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):532727
                                                                                                                                                                                                            Entropy (8bit):7.23935922435014
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                            MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                            SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                            SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                            SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):37888
                                                                                                                                                                                                            Entropy (8bit):4.842865825224654
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:CzmYFEr6mMN+c28dt0n0cm99K8CaME86El8aJAvg5vinM8o:IErpO28Un0cm9o8CaME86El8aJAvghiC
                                                                                                                                                                                                            MD5:0ADAABBCABF39DD26C853535D7E49236
                                                                                                                                                                                                            SHA1:430F410E8ED7489C58BEFC22B9430E7EC6E02004
                                                                                                                                                                                                            SHA-256:16087C200AABC7DAED61B64F58BA60F783AEC40277230D11D5295EF4D9A54031
                                                                                                                                                                                                            SHA-512:5F48B348E7406C3617755312282AD5146A088CAD62FB703487A2F890B74A187E1288F2606B159A9BDF242531151B741B9FEF9F88B8E0D2F1967ABB2CD39EC5A0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1493
                                                                                                                                                                                                            Entropy (8bit):4.732294656481805
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB7ZtG9jDqRp:c0nd5t7q7WsFD7tztG96n
                                                                                                                                                                                                            MD5:01C01D040563A55E0FD31CC8DAA5F155
                                                                                                                                                                                                            SHA1:3C1C229703198F9772D7721357F1B90281917842
                                                                                                                                                                                                            SHA-256:33D947C04A10E3AFF3DCA3B779393FA56CE5F02251C8CBAE5076A125FDEA081F
                                                                                                                                                                                                            SHA-512:9C3F0CC17868479575090E1949E31A688B8C1CDFA56AC4A08CBE661466BB40ECFC94EA512DC4B64D5FF14A563F96F1E71C03B6EEACC42992455BD4F1C91F17D5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):28784
                                                                                                                                                                                                            Entropy (8bit):6.08346118574361
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:Njd3dLRRG0F3yFpRzAFgLU5pnsEdy4qy5NFa4ElKiH7A0/GDGwE3hgp:NjdF0pnqJy4qsFajwiHoDG9h
                                                                                                                                                                                                            MD5:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                            SHA1:4A22DBBEAA8CF660522BBF68C8FF029A10AAE017
                                                                                                                                                                                                            SHA-256:AF419AE180755DCDEE1903EDC604F9B1587DE3E7B392247C9089C5F679A760E4
                                                                                                                                                                                                            SHA-512:6AEC6DB0B8E7D22402E0A2A924A8E5C8505F3C85227AC67E6171AA0D6AEB6F4582D84FD0924090D98F859ECC92008C0C26D6EFFD60705A4A5C709A54B8445D96
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):184240
                                                                                                                                                                                                            Entropy (8bit):5.876033362692288
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):701992
                                                                                                                                                                                                            Entropy (8bit):5.940787194132384
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                                                                                                                                                                                            MD5:081D9558BBB7ADCE142DA153B2D5577A
                                                                                                                                                                                                            SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                                                                                                                                                                                            SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                                                                                                                                                                                            SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):34984
                                                                                                                                                                                                            Entropy (8bit):6.000650459314047
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:vpi8gAMeOlzzBbaERp8h3VGKrX1/LVtYcFSVc6KSDG2FhCZZ:xi8gAJbNlz9SVclBZZ
                                                                                                                                                                                                            MD5:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                            SHA1:64D5F0E3F7170C99ABADDCC09C26A44A83513871
                                                                                                                                                                                                            SHA-256:70B980E8E365BDB1883DB597455901F7CD75D727B3FF65198FB184510DC1C251
                                                                                                                                                                                                            SHA-512:C21BFBEE9C507FD6ED1D9F04800597E3923CED33E963FDDE76E1DAB8FF5DA2B5E8AFB1B8729E952C18869A4626B6274ECD603A93FD24157D380D94800AA3C437
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):532727
                                                                                                                                                                                                            Entropy (8bit):7.23935922435014
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:c8XqvLwHL0otXjsg0qaPXQmctTmGRZRox49CMnO2IjbN4C0pSu+TKVf/DAZeRKR:6wHL0D1pQmCVZWisSO2IH/CAiHD6/R
                                                                                                                                                                                                            MD5:BCF3BCC9CFAEB5DE58D6BD53E6C0D42C
                                                                                                                                                                                                            SHA1:BDA39D33424D03BF5DCC7667D47175A407D694FE
                                                                                                                                                                                                            SHA-256:323F401C24CBF20E28DCA3498BF1ECD19230C7FB5558AEDE99808E809B01B9D4
                                                                                                                                                                                                            SHA-512:7B66CFE5EFA7377CDBB0A479EE6750FA56C48BB3E6D5F15067DD556299859C40A710896A9BD036DE1655AC44CF552AD9BE2BDFB3CE916576B896D7F10B96BEEB
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):37888
                                                                                                                                                                                                            Entropy (8bit):4.842865825224654
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:CzmYFEr6mMN+c28dt0n0cm99K8CaME86El8aJAvg5vinM8o:IErpO28Un0cm9o8CaME86El8aJAvghiC
                                                                                                                                                                                                            MD5:0ADAABBCABF39DD26C853535D7E49236
                                                                                                                                                                                                            SHA1:430F410E8ED7489C58BEFC22B9430E7EC6E02004
                                                                                                                                                                                                            SHA-256:16087C200AABC7DAED61B64F58BA60F783AEC40277230D11D5295EF4D9A54031
                                                                                                                                                                                                            SHA-512:5F48B348E7406C3617755312282AD5146A088CAD62FB703487A2F890B74A187E1288F2606B159A9BDF242531151B741B9FEF9F88B8E0D2F1967ABB2CD39EC5A0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1493
                                                                                                                                                                                                            Entropy (8bit):4.732294656481805
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB7ZtG9jDqRp:c0nd5t7q7WsFD7tztG96n
                                                                                                                                                                                                            MD5:01C01D040563A55E0FD31CC8DAA5F155
                                                                                                                                                                                                            SHA1:3C1C229703198F9772D7721357F1B90281917842
                                                                                                                                                                                                            SHA-256:33D947C04A10E3AFF3DCA3B779393FA56CE5F02251C8CBAE5076A125FDEA081F
                                                                                                                                                                                                            SHA-512:9C3F0CC17868479575090E1949E31A688B8C1CDFA56AC4A08CBE661466BB40ECFC94EA512DC4B64D5FF14A563F96F1E71C03B6EEACC42992455BD4F1C91F17D5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):28784
                                                                                                                                                                                                            Entropy (8bit):6.08346118574361
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:Njd3dLRRG0F3yFpRzAFgLU5pnsEdy4qy5NFa4ElKiH7A0/GDGwE3hgp:NjdF0pnqJy4qsFajwiHoDG9h
                                                                                                                                                                                                            MD5:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                            SHA1:4A22DBBEAA8CF660522BBF68C8FF029A10AAE017
                                                                                                                                                                                                            SHA-256:AF419AE180755DCDEE1903EDC604F9B1587DE3E7B392247C9089C5F679A760E4
                                                                                                                                                                                                            SHA-512:6AEC6DB0B8E7D22402E0A2A924A8E5C8505F3C85227AC67E6171AA0D6AEB6F4582D84FD0924090D98F859ECC92008C0C26D6EFFD60705A4A5C709A54B8445D96
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):184240
                                                                                                                                                                                                            Entropy (8bit):5.876033362692288
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):701992
                                                                                                                                                                                                            Entropy (8bit):5.940787194132384
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                                                                                                                                                                                            MD5:081D9558BBB7ADCE142DA153B2D5577A
                                                                                                                                                                                                            SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                                                                                                                                                                                            SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                                                                                                                                                                                            SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):34984
                                                                                                                                                                                                            Entropy (8bit):6.000650459314047
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:vpi8gAMeOlzzBbaERp8h3VGKrX1/LVtYcFSVc6KSDG2FhCZZ:xi8gAJbNlz9SVclBZZ
                                                                                                                                                                                                            MD5:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                            SHA1:64D5F0E3F7170C99ABADDCC09C26A44A83513871
                                                                                                                                                                                                            SHA-256:70B980E8E365BDB1883DB597455901F7CD75D727B3FF65198FB184510DC1C251
                                                                                                                                                                                                            SHA-512:C21BFBEE9C507FD6ED1D9F04800597E3923CED33E963FDDE76E1DAB8FF5DA2B5E8AFB1B8729E952C18869A4626B6274ECD603A93FD24157D380D94800AA3C437
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                            Entropy (8bit):1.173987994405182
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:JSbX72Fj6GvtliAGiLIlHVRpUh/7777777777777777777777777vDHFIHDTp/Xz:JQKSQI5Ee6F
                                                                                                                                                                                                            MD5:F63583376D97CF5E78820EEA87350EC4
                                                                                                                                                                                                            SHA1:C6E18D37F02C40AFF472738C5B11E703B3047614
                                                                                                                                                                                                            SHA-256:767712AC33E55EF1D5592A1A221D90572671AA8551EEA4FB6A502C33B9E02BBE
                                                                                                                                                                                                            SHA-512:FB2025E97B17F424FBE454F3182C77F7917D8357F94A3700A5A10FC23042154CD91F5BD43F47A7FBE8F59B83C0A89639077EAD58F9C7F23F2A947517D614A063
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                            Entropy (8bit):1.8339469228771574
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:58PhpuRc06WXJyjT5jIeIXdSwAEkrCyuGpeSkdSyHHltCMoGojQZCQZBt8xzMmaY:0hp1pjTOkRC7zn3uaCaQZa5+vRCUW
                                                                                                                                                                                                            MD5:981A3E922B25863FB6DFBA26A31CD184
                                                                                                                                                                                                            SHA1:8945A906B2F19DA06A6285E4AF987377278445BE
                                                                                                                                                                                                            SHA-256:815ABD9F1AF4A41161E37888D42E6A4542B08D89054FFFB7B9A49745B6CBC8A2
                                                                                                                                                                                                            SHA-512:D6190557535FE1AE8E13D0A8529211755FFF636661E61DBC7C27D81BB29DA8B587815A4AAF29DBB40E9E1FF8C6D06A0CEA72492824AD0DCAE1CF3BA86D5C6D32
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16958
                                                                                                                                                                                                            Entropy (8bit):2.3402736777188395
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:a+Ngz9wjTeE7144BQ2DFFnEbHIcXExGErQa2Nvv4wG:acgz9qaE7144BQ2DPEzEMErQaAX4L
                                                                                                                                                                                                            MD5:D75CA2815FA84BC36C36D18B6AD9048F
                                                                                                                                                                                                            SHA1:5353AE1430AC909C25484047713712520C3A2AE2
                                                                                                                                                                                                            SHA-256:3B156EDE48A466BDEC4FF5F230B2841899DF2B0A4ED7A645CFF72F7DC3CBC318
                                                                                                                                                                                                            SHA-512:008A5D9B83143AC59ECF5CC2654C2597199052B0876225CF32102188F192DC7CAA87F3D7DC76E03C76AB682884198DD6A5CC3DC3AF6993DD9A7C47AB85832496
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):432221
                                                                                                                                                                                                            Entropy (8bit):5.375174391603861
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgau+:zTtbmkExhMJCIpErX
                                                                                                                                                                                                            MD5:892802866911404DDC0336BB3234CA8A
                                                                                                                                                                                                            SHA1:8D189883328432DE8E3805C5B27CF4AB509380B0
                                                                                                                                                                                                            SHA-256:FAA57DB5DA282024DCC0433D7038964A2590EE33A3EAF0AA07BE22E40ADF71B0
                                                                                                                                                                                                            SHA-512:7C476C08CA874D4C4B015ABED52E4B11C3A48E3DBD48C27EBFE8D0569BBFFF0A86BCA1FB6D95EDF4FE37C7280BD8B1730CBE748F9FF114BE5CAD35BA51CB9F68
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                            Entropy (8bit):1.4491633763826945
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:fSRuGI+CFXJlT55UnIeIXdSwAEkrCyuGpeSkdSyHHltCMoGojQZCQZBt8xzMma5W:qRa9T31kRC7zn3uaCaQZa5+vRCUW
                                                                                                                                                                                                            MD5:39433DECFD2F53F186182DD246EE625D
                                                                                                                                                                                                            SHA1:19496AF3ACC9545F3371493531CF9AC098B6C94C
                                                                                                                                                                                                            SHA-256:E1180F480889F61660C23A25E3E3425D73320CB1C234C51963AB4947EEDD31F7
                                                                                                                                                                                                            SHA-512:41AB1F684FD2C1F4855C7FF7382216D5268DE937F737150C3D4D3966644FDAF8D121E363FA40D49637BD03FDD8DD4B08229DEC6A9CFCC77CACF628903BB110F1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                            Entropy (8bit):1.4491633763826945
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:fSRuGI+CFXJlT55UnIeIXdSwAEkrCyuGpeSkdSyHHltCMoGojQZCQZBt8xzMma5W:qRa9T31kRC7zn3uaCaQZa5+vRCUW
                                                                                                                                                                                                            MD5:39433DECFD2F53F186182DD246EE625D
                                                                                                                                                                                                            SHA1:19496AF3ACC9545F3371493531CF9AC098B6C94C
                                                                                                                                                                                                            SHA-256:E1180F480889F61660C23A25E3E3425D73320CB1C234C51963AB4947EEDD31F7
                                                                                                                                                                                                            SHA-512:41AB1F684FD2C1F4855C7FF7382216D5268DE937F737150C3D4D3966644FDAF8D121E363FA40D49637BD03FDD8DD4B08229DEC6A9CFCC77CACF628903BB110F1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):73728
                                                                                                                                                                                                            Entropy (8bit):0.23863067881855615
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:wIu2mzrdSwAEkrCyuCSkdSzdSwAEkrCyuGpeSkdSyHHltCMoGojQZCQZBt8xzMmu:bRRCU7RC7zn3uaCaQZa5+Z
                                                                                                                                                                                                            MD5:B60A156DC68A44630E4A61968DBB1954
                                                                                                                                                                                                            SHA1:9AF73E06818BDF335EAAE0B680CBD7F9C6B0D5AC
                                                                                                                                                                                                            SHA-256:34538A0211AFA63B2A1B3E9C6E62A6E4210738FD8C3523F12B295D2E86C460C4
                                                                                                                                                                                                            SHA-512:E9B5A3FB513D29DB1EF2DD934252CD5764835C73BD70BA3A31E7E58D8B0B186D89690B5B65E117E30F7B7D81B77F897A0F8F52CC64AEEA2FBC91E9BFA6A3F8F8
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                            Entropy (8bit):1.8339469228771574
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:58PhpuRc06WXJyjT5jIeIXdSwAEkrCyuGpeSkdSyHHltCMoGojQZCQZBt8xzMmaY:0hp1pjTOkRC7zn3uaCaQZa5+vRCUW
                                                                                                                                                                                                            MD5:981A3E922B25863FB6DFBA26A31CD184
                                                                                                                                                                                                            SHA1:8945A906B2F19DA06A6285E4AF987377278445BE
                                                                                                                                                                                                            SHA-256:815ABD9F1AF4A41161E37888D42E6A4542B08D89054FFFB7B9A49745B6CBC8A2
                                                                                                                                                                                                            SHA-512:D6190557535FE1AE8E13D0A8529211755FFF636661E61DBC7C27D81BB29DA8B587815A4AAF29DBB40E9E1FF8C6D06A0CEA72492824AD0DCAE1CF3BA86D5C6D32
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                            Entropy (8bit):0.07896172752896818
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOJYl2yDq2lACLDh1SVky6l/X:2F0i8n0itFzDHFIHDTp/X
                                                                                                                                                                                                            MD5:C306917C6063A4121422B336E93411C1
                                                                                                                                                                                                            SHA1:6AFA970112C5B5294D03EDE0EA29994B40903E60
                                                                                                                                                                                                            SHA-256:5F978A91535964A7233195F8A1C9EC5E0FB158782FA6663C8A614DD6FEAB84EA
                                                                                                                                                                                                            SHA-512:042EBE757D892E79F5DD80436AB8D4F7A1FCC1D7C12F1A1A4178D5FAD79AB974D0B42ACE073B221A0C6C17E58B96A05F97DF6332904F1173DB5C1569DBA4565C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                            Entropy (8bit):1.4491633763826945
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:fSRuGI+CFXJlT55UnIeIXdSwAEkrCyuGpeSkdSyHHltCMoGojQZCQZBt8xzMma5W:qRa9T31kRC7zn3uaCaQZa5+vRCUW
                                                                                                                                                                                                            MD5:39433DECFD2F53F186182DD246EE625D
                                                                                                                                                                                                            SHA1:19496AF3ACC9545F3371493531CF9AC098B6C94C
                                                                                                                                                                                                            SHA-256:E1180F480889F61660C23A25E3E3425D73320CB1C234C51963AB4947EEDD31F7
                                                                                                                                                                                                            SHA-512:41AB1F684FD2C1F4855C7FF7382216D5268DE937F737150C3D4D3966644FDAF8D121E363FA40D49637BD03FDD8DD4B08229DEC6A9CFCC77CACF628903BB110F1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                            Entropy (8bit):1.8339469228771574
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:58PhpuRc06WXJyjT5jIeIXdSwAEkrCyuGpeSkdSyHHltCMoGojQZCQZBt8xzMmaY:0hp1pjTOkRC7zn3uaCaQZa5+vRCUW
                                                                                                                                                                                                            MD5:981A3E922B25863FB6DFBA26A31CD184
                                                                                                                                                                                                            SHA1:8945A906B2F19DA06A6285E4AF987377278445BE
                                                                                                                                                                                                            SHA-256:815ABD9F1AF4A41161E37888D42E6A4542B08D89054FFFB7B9A49745B6CBC8A2
                                                                                                                                                                                                            SHA-512:D6190557535FE1AE8E13D0A8529211755FFF636661E61DBC7C27D81BB29DA8B587815A4AAF29DBB40E9E1FF8C6D06A0CEA72492824AD0DCAE1CF3BA86D5C6D32
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {F451DF01-DEEE-4799-9D74-C13F54F5C275}, Number of Words: 2, Subject: ScreenBeam Conference, Author: ScreenBeam Inc., Name of Creating Application: ScreenBeam Conference, Template: x64;1033, Comments: ScreenBeam Conference Installer, Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Nov 21 03:04:58 2023, Number of Pages: 200
                                                                                                                                                                                                            Entropy (8bit):7.970392187750961
                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                            • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
                                                                                                                                                                                                            File name:ScreenBeam_Conference_Windows.msi
                                                                                                                                                                                                            File size:102'197'248 bytes
                                                                                                                                                                                                            MD5:80744017cd0ede4bc3c925568c88fac5
                                                                                                                                                                                                            SHA1:8b9bfca894fd934c37e3b5ac237956a36ac1cf69
                                                                                                                                                                                                            SHA256:3c1b3c446dbaca7916fe7a8294637d831047891de5163bb53d3ca776a37e220e
                                                                                                                                                                                                            SHA512:9055dc051d711f13036f240af5ae3ce48a309a0c154bf0de93b5d0efa90dc6a43478ca88a12741e0625d407c68264e2c5bcd5909e2a902bdae735650edb7e9a7
                                                                                                                                                                                                            SSDEEP:3145728:9De0/dkW7EDe0/GjVLME6DzmcfbQVmHtNSj9:9De0OWgDe08ITfbQVm/Sj
                                                                                                                                                                                                            TLSH:59283321B58AC03AF67F51725939EAA6567D7E600B3248EBA3D87A7E0D751C10332F13
                                                                                                                                                                                                            Icon Hash:2d2e3797b32b2b99
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
| Dec 18, 2023 22:38:59.546010971 CET | 1.1.1.1 | 192.168.2.4 | 0x9f95 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 18, 2023 22:38:59.546010971 CET | 1.1.1.1 | 192.168.2.4 | 0x9f95 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
| Dec 18, 2023 22:39:12.360593081 CET | 1.1.1.1 | 192.168.2.4 | 0x4a21 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 18, 2023 22:39:12.360593081 CET | 1.1.1.1 | 192.168.2.4 | 0x4a21 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |


                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                            Start time:22:38:38
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\ScreenBeam_Conference_Windows.msi"
                                                                                                                                                                                                            Imagebase:0x7ff61dba0000
                                                                                                                                                                                                            File size:69'632 bytes
                                                                                                                                                                                                            MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:1
                                                                                                                                                                                                            Start time:22:38:38
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                            Imagebase:0x7ff61dba0000
                                                                                                                                                                                                            File size:69'632 bytes
                                                                                                                                                                                                            MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                            Target ID:2
                                                                                                                                                                                                            Start time:22:38:39
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 06B685FB1F6826D14A4ACA5AAE1577C5 C
                                                                                                                                                                                                            Imagebase:0x1a0000
                                                                                                                                                                                                            File size:59'904 bytes
                                                                                                                                                                                                            MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:6
                                                                                                                                                                                                            Start time:22:39:43
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\System32\MsiExec.exe -Embedding 3481905E088C370D775B2727350976C1 C
                                                                                                                                                                                                            Imagebase:0x7ff61dba0000
                                                                                                                                                                                                            File size:69'632 bytes
                                                                                                                                                                                                            MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:7
                                                                                                                                                                                                            Start time:22:39:43
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI8B45.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6458234 90 ByomCustomAction!ByomCustomAction.CustomActions.SaveDefaultAudioSetting
                                                                                                                                                                                                            Imagebase:0x7ff7b3240000
                                                                                                                                                                                                            File size:71'680 bytes
                                                                                                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:8
                                                                                                                                                                                                            Start time:22:39:43
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\MSI8B45.tmp-\DefMic.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"DefMic.exe" --def
                                                                                                                                                                                                            Imagebase:0x870000
                                                                                                                                                                                                            File size:28'784 bytes
                                                                                                                                                                                                            MD5 hash:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:9
                                                                                                                                                                                                            Start time:22:39:43
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:10
                                                                                                                                                                                                            Start time:22:39:44
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI90F4.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6459640 100 ByomCustomAction!ByomCustomAction.CustomActions.VerifyDriverBusy
                                                                                                                                                                                                            Imagebase:0x7ff7b3240000
                                                                                                                                                                                                            File size:71'680 bytes
                                                                                                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:11
                                                                                                                                                                                                            Start time:22:39:44
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"DefMic.exe" --list
                                                                                                                                                                                                            Imagebase:0x6a0000
                                                                                                                                                                                                            File size:28'784 bytes
                                                                                                                                                                                                            MD5 hash:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:12
                                                                                                                                                                                                            Start time:22:39:45
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:13
                                                                                                                                                                                                            Start time:22:39:45
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\sbdrvmgr.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:"sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
                                                                                                                                                                                                            Imagebase:0x1e6ebcc0000
                                                                                                                                                                                                            File size:34'984 bytes
                                                                                                                                                                                                            MD5 hash:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:14
                                                                                                                                                                                                            Start time:22:39:45
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:15
                                                                                                                                                                                                            Start time:22:39:45
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\DefMic.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"DefMic.exe" --list
                                                                                                                                                                                                            Imagebase:0xf10000
                                                                                                                                                                                                            File size:28'784 bytes
                                                                                                                                                                                                            MD5 hash:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:16
                                                                                                                                                                                                            Start time:22:39:45
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:17
                                                                                                                                                                                                            Start time:22:39:46
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\MSI90F4.tmp-\sbdrvmgr.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:"sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
                                                                                                                                                                                                            Imagebase:0x1c456450000
                                                                                                                                                                                                            File size:34'984 bytes
                                                                                                                                                                                                            MD5 hash:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:18
                                                                                                                                                                                                            Start time:22:39:46
                                                                                                                                                                                                            Start date:18/12/2023
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:22:39:53
Start date:18/12/2023
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\AppData\Local\Temp\MSIB601.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6469109 128 ByomCustomAction!ByomCustomAction.CustomActions.SaveDefaultAudioSetting
Imagebase:0x7ff7b3240000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET
Has exited:true

Target ID:20
Start time:22:39:54
Start date:18/12/2023
Path:C:\Users\user\AppData\Local\Temp\MSIB601.tmp-\DefMic.exe
Wow64 process (32bit):true
Commandline:"DefMic.exe" --def
Imagebase:0x8c0000
File size:28'784 bytes
MD5 hash:F03298C90AB58E72A04E1AA310608B4C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET
Has exited:true

Target ID:21
Start time:22:39:54
Start date:18/12/2023
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:22:39:55
Start date:18/12/2023
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6470359 138 ByomCustomAction!ByomCustomAction.CustomActions.GetSBUCRunningProcesses
Imagebase:0x7ff7b3240000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET
Has exited:true

Target ID:23
Start time:22:39:55
Start date:18/12/2023
Path:C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\DefMic.exe
Wow64 process (32bit):true
Commandline:"DefMic.exe" --list
Imagebase:0xca0000
File size:28'784 bytes
MD5 hash:F03298C90AB58E72A04E1AA310608B4C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET
Has exited:true

Target ID:24
Start time:22:39:56
Start date:18/12/2023
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:22:39:57
Start date:18/12/2023
Path:C:\Users\user\AppData\Local\Temp\MSIBAD4.tmp-\sbdrvmgr.exe
Wow64 process (32bit):false
Commandline:"sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
Imagebase:0x2543dfa0000
File size:34'984 bytes
MD5 hash:C7EEAC397EC6B4EC895E89D0E43C652D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET
Has exited:true

Target ID:26
Start time:22:39:57
Start date:18/12/2023
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:22:39:57
Start date:18/12/2023
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\AppData\Local\Temp\MSIC545.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6473015 164 ByomCustomAction!ByomCustomAction.CustomActions.RemoveDriver
Imagebase:0x7ff7b3240000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET
Has exited:true

Target ID:28
Start time:22:39:58
Start date:18/12/2023
Path:C:\Users\user\AppData\Local\Temp\MSIC545.tmp-\sbdrvmgr.exe
Wow64 process (32bit):false
Commandline:sbdrvmgr.exe" --remove "ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
Imagebase:0x18370f50000
File size:34'984 bytes
MD5 hash:C7EEAC397EC6B4EC895E89D0E43C652D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET
Has exited:true

Target ID:29
Start time:22:39:58
Start date:18/12/2023
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                            Target ID:30
                                                                                                                                                                                                            Start time:22:40:01
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 9142454F69078BDCE0A87A3C5903BEB2
                                                                                                                                                                                                            Imagebase:0x1a0000
                                                                                                                                                                                                            File size:59'904 bytes
                                                                                                                                                                                                            MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:31
                                                                                                                                                                                                            Start time:22:40:02
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\System32\MsiExec.exe -Embedding 1105B354BECBE4DDF142AFD791CBBACB
                                                                                                                                                                                                            Imagebase:0x7ff61dba0000
                                                                                                                                                                                                            File size:69'632 bytes
                                                                                                                                                                                                            MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:32
                                                                                                                                                                                                            Start time:22:40:02
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:rundll32.exe "C:\Windows\Installer\MSID5B7.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6477312 133 ByomCustomAction!ByomCustomAction.CustomActions.GetSBUCRunningProcesses
                                                                                                                                                                                                            Imagebase:0x7ff7b3240000
                                                                                                                                                                                                            File size:71'680 bytes
                                                                                                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:33
                                                                                                                                                                                                            Start time:22:40:02
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Windows\Installer\MSID5B7.tmp-\DefMic.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"DefMic.exe" --list
                                                                                                                                                                                                            Imagebase:0x370000
                                                                                                                                                                                                            File size:28'784 bytes
                                                                                                                                                                                                            MD5 hash:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:34
                                                                                                                                                                                                            Start time:22:40:02
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:35
                                                                                                                                                                                                            Start time:22:40:03
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Windows\Installer\MSID5B7.tmp-\sbdrvmgr.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:"sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
                                                                                                                                                                                                            Imagebase:0x1d36a4d0000
                                                                                                                                                                                                            File size:34'984 bytes
                                                                                                                                                                                                            MD5 hash:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:36
                                                                                                                                                                                                            Start time:22:40:03
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:37
                                                                                                                                                                                                            Start time:22:40:04
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:rundll32.exe "C:\Windows\Installer\MSIDD79.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6479218 160 ByomCustomAction!ByomCustomAction.CustomActions.WaitForUnpairDeviceApp
                                                                                                                                                                                                            Imagebase:0x7ff7b3240000
                                                                                                                                                                                                            File size:71'680 bytes
                                                                                                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:39
                                                                                                                                                                                                            Start time:22:40:10
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:rundll32.exe "C:\Windows\Installer\MSIF4AE.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6485156 168 ByomCustomAction!ByomCustomAction.CustomActions.StopSBUCProcesses
                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                            File size:71'680 bytes
                                                                                                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                            Has exited:true

Target ID:40
Start time:22:40:10
Start date:18/12/2023
Path:C:\Windows\Installer\MSIF4AE.tmp-\DefMic.exe
Wow64 process (32bit):true
Commandline:"DefMic.exe" --list
Imagebase:0x9c0000
File size:28'784 bytes
MD5 hash:F03298C90AB58E72A04E1AA310608B4C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET
Has exited:true

Target ID:41
Start time:22:40:10
Start date:18/12/2023
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:42
Start time:22:40:11
Start date:18/12/2023
Path:C:\Windows\Installer\MSIF4AE.tmp-\sbdrvmgr.exe
Wow64 process (32bit):false
Commandline:"sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
Imagebase:0x2269e290000
File size:34'984 bytes
MD5 hash:C7EEAC397EC6B4EC895E89D0E43C652D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET
Has exited:true

Target ID:43
Start time:22:40:11
Start date:18/12/2023
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:44
Start time:22:40:11
Start date:18/12/2023
Path:C:\Windows\Installer\MSIF4AE.tmp-\DefMic.exe
Wow64 process (32bit):true
Commandline:"DefMic.exe" --list
Imagebase:0x7c0000
File size:28'784 bytes
MD5 hash:F03298C90AB58E72A04E1AA310608B4C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET
Has exited:true

Target ID:45
Start time:22:40:11
Start date:18/12/2023
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:46
Start time:22:40:12
Start date:18/12/2023
Path:C:\Windows\Installer\MSIF4AE.tmp-\sbdrvmgr.exe
Wow64 process (32bit):false
Commandline:"sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
Imagebase:0x174a5f60000
File size:34'984 bytes
MD5 hash:C7EEAC397EC6B4EC895E89D0E43C652D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET
Has exited:true

Target ID:47
Start time:22:40:12
Start date:18/12/2023
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:48
Start time:22:40:12
Start date:18/12/2023
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Windows\Installer\MSIFFF9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6488062 220 ByomCustomAction!ByomCustomAction.CustomActions.SaveDefaultAudioSetting
Imagebase:0x7ff7b3240000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET
Has exited:true

Target ID:49
Start time:22:40:14
Start date:18/12/2023
Path:C:\Windows\Installer\MSIFFF9.tmp-\DefMic.exe
Wow64 process (32bit):true
Commandline:"DefMic.exe" --def
Imagebase:0x1b0000
File size:28'784 bytes
MD5 hash:F03298C90AB58E72A04E1AA310608B4C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET
Has exited:true

Target ID:50
Start time:22:40:14
Start date:18/12/2023
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:51
Start time:22:40:15
Start date:18/12/2023
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Windows\Installer\MSIAF7.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6490875 230 ByomCustomAction!ByomCustomAction.CustomActions.SetIsInstallingTrue
Imagebase:0x7ff7b3240000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:52
                                                                                                                                                                                                            Start time:22:40:17
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:rundll32.exe "C:\Windows\Installer\MSI10D6.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6492359 437 ByomCustomAction!ByomCustomAction.CustomActions.IsDriverBusy
                                                                                                                                                                                                            Imagebase:0x7ff7b3240000
                                                                                                                                                                                                            File size:71'680 bytes
                                                                                                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:53
                                                                                                                                                                                                            Start time:22:40:17
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Windows\Installer\MSI10D6.tmp-\DefMic.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"DefMic.exe" --list
                                                                                                                                                                                                            Imagebase:0xd0000
                                                                                                                                                                                                            File size:28'784 bytes
                                                                                                                                                                                                            MD5 hash:F03298C90AB58E72A04E1AA310608B4C
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:54
                                                                                                                                                                                                            Start time:22:40:17
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:55
                                                                                                                                                                                                            Start time:22:40:18
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Windows\Installer\MSI10D6.tmp-\sbdrvmgr.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:"sbdrvmgr.exe" --status install ScreenBeamVirtualAudio_aafa5613-1d56-4309-9c3a-c3911d766be5
                                                                                                                                                                                                            Imagebase:0x1390e350000
                                                                                                                                                                                                            File size:34'984 bytes
                                                                                                                                                                                                            MD5 hash:C7EEAC397EC6B4EC895E89D0E43C652D
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:56
                                                                                                                                                                                                            Start time:22:40:18
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:57
                                                                                                                                                                                                            Start time:22:40:18
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:rundll32.exe "C:\Windows\Installer\MSI175F.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6494031 452 ByomCustomAction!ByomCustomAction.CustomActions.DisableCampfilters
                                                                                                                                                                                                            Imagebase:0x7ff7b3240000
                                                                                                                                                                                                            File size:71'680 bytes
                                                                                                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:58
                                                                                                                                                                                                            Start time:22:40:19
                                                                                                                                                                                                            Start date:18/12/2023
                                                                                                                                                                                                            Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:regsvr32" /u /s "C:\Program Files\ScreenBeam\Conference\\app\Filters\x86\SBCamFilter32.dll
                                                                                                                                                                                                            Imagebase:0x7ff6462a0000
                                                                                                                                                                                                            File size:25'088 bytes
                                                                                                                                                                                                            MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Reset < >
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000007.00000003.2284296776.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_7_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: 2A_I
                                                                                                                                                                                                              • API String ID: 0-941469806
                                                                                                                                                                                                              • Opcode ID: 7dbe3024f753aaa3116a5309a08eb8b1b1b81ed6d64bac64bb1557f774289a2e
                                                                                                                                                                                                              • Instruction ID: 2abf2e7ed322f13456a5451384350e1c69e5d3ede5edc2c980c143e9a81707d3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7dbe3024f753aaa3116a5309a08eb8b1b1b81ed6d64bac64bb1557f774289a2e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B8525C62B0FBC40FF77956AC58251B86BD2EF85754B1900FFE089871FBE815AD02A345
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000007.00000003.2284296776.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_7_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: a0fe69509bf145acd991f2561c92d05c188ad35ea3b7033ea959504d818075f7
                                                                                                                                                                                                              • Instruction ID: 07d67ee3cd3091383a9a9e29395ee6c3fa4b8def67573fbf7e8af21e251edad0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a0fe69509bf145acd991f2561c92d05c188ad35ea3b7033ea959504d818075f7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3BE14862B0FBC90FE779A6AC14291B86BD2EF46614B1901FFE089C71F7EC15AD029341
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000007.00000003.2284296776.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 3c2384c0ddddb95f93991ec3480351d126065094cf2937d2fb57dde0e6a01183
                                                                                                                                                                                                              • Instruction ID: b567b20b02f0662356017729b62a81b34fb35ac60788557689685761b10d2b2a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3c2384c0ddddb95f93991ec3480351d126065094cf2937d2fb57dde0e6a01183
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6791592160F6C90FE766A77C58766B17FF0EF53628B1901FAD0C9C70A3E9185846C752
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000007.00000003.2284296776.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_7_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 03047e42c534d747b8ed63c06a6e83f211584e7988ad03162f990a5604c1e8aa
                                                                                                                                                                                                              • Instruction ID: cff239564530c77292a068e9cf7b9782649bccf5a8cead8f04d3f8861f76c53e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 03047e42c534d747b8ed63c06a6e83f211584e7988ad03162f990a5604c1e8aa
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D6A10713B1E1A90AE319B7BCA4665F53FA1EF4523870842FBD0DDCF0E7DC49648A8295
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000007.00000003.2284296776.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_7_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: c836bbab0514b00f7c9582645024d7a49c94c468af4442b93de0da8458fca316
                                                                                                                                                                                                              • Instruction ID: ff3016106fc9448f471cf407bd87fc12e1d111bc4b62ed88ac513777bc3c7457
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c836bbab0514b00f7c9582645024d7a49c94c468af4442b93de0da8458fca316
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CB810670B0D6894FDB59EF6884269F97BE0EF59318B1404BED04DCB2A3DE38A9058781
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000007.00000003.2284296776.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_7_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 52b7cdf1d65b91e03a015c6951ffaca275b43bb7710d792e0d8eda598fa70ed1
                                                                                                                                                                                                              • Instruction ID: 3267acbaf8f0ffc9764d6ec9496f624403f1ed81744b921e45fa7a59871e6647
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 52b7cdf1d65b91e03a015c6951ffaca275b43bb7710d792e0d8eda598fa70ed1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E613411F0EA9E0FE7B962A805753F92AD1EF85B18F1600BEC449C71E7ED0C9D466381
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000007.00000003.2284296776.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_7_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 5e0a1a8c4b4c6f72d1be7a150d282b171f4c0063122c705953b5bc40ac5fc82b
                                                                                                                                                                                                              • Instruction ID: 71b9af625d6e5e038af9631cadf251715649b83f7e23d50750eb67c02c0a267d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5e0a1a8c4b4c6f72d1be7a150d282b171f4c0063122c705953b5bc40ac5fc82b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 12513522F1EA9E0FE77676B808361F937D1DF8AA14B5601B6D419C72E3DC28AD025742
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000007.00000003.2284296776.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_7_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: c5cb0ad537b2e7ef4e95cda4c2bcdf1531cca2736476eb34c3f771449c732f66
                                                                                                                                                                                                              • Instruction ID: 4809bac1b8325f2892155251a3c31017ffe4589aa7750160294a41578867bc5f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c5cb0ad537b2e7ef4e95cda4c2bcdf1531cca2736476eb34c3f771449c732f66
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5861F330B0DA4C8FDBA5EF6CC8599F97BE0FF59305B0500BAE449D72A2CA35A841CB40
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000007.00000003.2284296776.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_7_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 45c917c0722340cc9103825c58de663bd3ed2353e538a3f7f7285c8300a5283d
                                                                                                                                                                                                              • Instruction ID: 26d3933ea1272f25525a638c9abf131862546412a9afd28657ee857545b035c6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 45c917c0722340cc9103825c58de663bd3ed2353e538a3f7f7285c8300a5283d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 63410711E0FB9A0FE7AA666848756F53BA1DF56654B0601FBC048CB1F3ED4C6D468342
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000007.00000003.2284296776.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_7_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 1e10695742589c4159a5c93268e8f42fc803213b020c6ae9a1c6a938ac7b56a4
                                                                                                                                                                                                              • Instruction ID: ace3c78345a2b124d9931b384f1a3011989fb42bcc4000df4a027ff8e82fa987
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1e10695742589c4159a5c93268e8f42fc803213b020c6ae9a1c6a938ac7b56a4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1C41D53191E7CD4FDB2AABA958655F57FA0EF13329F0401BFE089C31A3CA582516C746
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000007.00000003.2284296776.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_7_3_7ffd9b4c0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: fee2d332b3bcc9061f532ab440e251e179f875e338c4b13f42d619baae66fd84
                                                                                                                                                                                                              • Instruction ID: 21240b2b1b79aa9dfe719424baced82e864a2befeca26cdf45b87294abe55ab4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fee2d332b3bcc9061f532ab440e251e179f875e338c4b13f42d619baae66fd84
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0C214812F0FAAA0FE7BA72B854751F92B91AF46A24B0602FAC058CA1E7DD4859435381
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000007.00000003.2284296776.00007FFD9B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_3_7ffd9b4c0000_rundll32.jbxd
Memory Dump Source
• Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: $^q$$^q
                                                                                                                                                                                                              • API String ID: 0-355816377
                                                                                                                                                                                                              • Opcode ID: 3ddc9d89504e03d7675fef80eb7ba7b36299371abea2fcdab1e0f7d624b7a7a4
                                                                                                                                                                                                              • Instruction ID: e78d9cbbbbd3b35665defa9c82fcb68e63b0ee33d7d427e8a6c74d1bc81b4a4b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3ddc9d89504e03d7675fef80eb7ba7b36299371abea2fcdab1e0f7d624b7a7a4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1421B131D1071EDFCF15AF68D8449A9F7B4FF45310B0586AAD5096B222EB31E894CB90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: $^q
                                                                                                                                                                                                              • API String ID: 0-388095546
                                                                                                                                                                                                              • Opcode ID: 33e7e40f342a9c7e28b1ded321aa26777cfb71d9e5af6de0e60d9bf41faa892d
                                                                                                                                                                                                              • Instruction ID: de866d9a2429889aa87eb087134861cb898fb7a159ee5b801c13abff77d186cc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 33e7e40f342a9c7e28b1ded321aa26777cfb71d9e5af6de0e60d9bf41faa892d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E021F431904759DFCF11AF78D8548A9FB71FF45300B098AAED549AB222EB31D494CB91
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 9607591a44c84a0f7179e2ca19e58188b474bfe34b2b3e6cac7adf3f9de179f4
                                                                                                                                                                                                              • Instruction ID: e2ecdb466e1ef3c3e0f93506a4669eff4a2215077135d709d674baf098b8c8eb
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9607591a44c84a0f7179e2ca19e58188b474bfe34b2b3e6cac7adf3f9de179f4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6461BD30A10316DFDB05EF74D8546AEBBB2BF84704F008569E606A7365DB719C85CB86
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 595fc8ce367110a67556762ad673220580de517bd725b71971c5e990670b62c7
                                                                                                                                                                                                              • Instruction ID: 1c1e7319a7fb0d3be4ec5a539c920f399986403697c9c3d076bac223ee11dc46
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 595fc8ce367110a67556762ad673220580de517bd725b71971c5e990670b62c7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 22418F2155E3D04FD303A73C98A11ADBFB1DE83604B1A44EBD1C5CB2A7CA55888BC766
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 3033a6c72ef8a97d3f437065a932cd2900bc2aa3ee27b37405a837e388fc3f8d
                                                                                                                                                                                                              • Instruction ID: 2ea909a3bccc52718368e04f8d488078bfffca638d4299ddea002a835a776b9b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3033a6c72ef8a97d3f437065a932cd2900bc2aa3ee27b37405a837e388fc3f8d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D6516032D50B4AAAE710DBA4CC45799F371FF9A700F61CB16F6483B191EBB0A1D4C641
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 38be2fd4084a40c8ccfa4198c521025bafe69b9e0a267625461977d59f926c93
                                                                                                                                                                                                              • Instruction ID: c957263ee4b6d665c570f8bd8a1057e2cfc56a74b4ee122e3f5c9df3d255bb9b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 38be2fd4084a40c8ccfa4198c521025bafe69b9e0a267625461977d59f926c93
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2B513F32E50B0AA6E710EBA5CC45799F372FF99700F61CB15F6483B191EBB0A1D4C681
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: d44ec37520ae5f4c48f9b4c2ed98327a4a8410ea585a33aaca288a347f0401cc
                                                                                                                                                                                                              • Instruction ID: 068035c7dcef362cd988b29694f8c36ee5565cb5270ba40985ace1c60cbb3df4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d44ec37520ae5f4c48f9b4c2ed98327a4a8410ea585a33aaca288a347f0401cc
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D4417532E1074A9ACB01DFB9C8508DDF7B1FF89300B11C66AD555BB115FB30A596CB91
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: d71c8229deb0b0cc106a9d4cdfa5607894362eb5ded3974cc3ae3f4b12940eed
                                                                                                                                                                                                              • Instruction ID: f6b42e2853fd3f91a4145f5d44fb27e20541fc5625d1be1823b4f6401dfbdf43
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d71c8229deb0b0cc106a9d4cdfa5607894362eb5ded3974cc3ae3f4b12940eed
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1911572194E7D01FD313A73858665A97FB48E83A04B0A48EFD0C1CB1A3C994484AC766
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 1af7609a6c357895ea0163f044cb41d5fdb0802c398ae2ac432dfdee763d0de7
                                                                                                                                                                                                              • Instruction ID: 7cd428f81aa6c716a219dd1f39efbe64584c0ef56f0e6607e40e686630b5c07f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1af7609a6c357895ea0163f044cb41d5fdb0802c398ae2ac432dfdee763d0de7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4C4112B1C10359DECB10DFAAC994ADEFBB5AF48300F20812AD459BB254DB746A45CF90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 9b8b523775f27a4f782efb3496e24d45d28a36df1e7a81cf93e60a6740af3fbb
                                                                                                                                                                                                              • Instruction ID: 3c867a0f18089f0a985c1e844edc7e0b2d4dc533cae79b6f92aaba52634d990d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9b8b523775f27a4f782efb3496e24d45d28a36df1e7a81cf93e60a6740af3fbb
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EF31B432E1070AABDB11DFB9D8904EEFBB2FF84300F11C62AE554A7251EB70A595C781
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 0c177a2a55d6417c27fd346f7af6c13e2f5dc49c3c22cec5bbc36d4301a99293
                                                                                                                                                                                                              • Instruction ID: 19e3f6005908834e12a1d002f92c22978af07bf9d0b35c18302534f33bbeb18b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0c177a2a55d6417c27fd346f7af6c13e2f5dc49c3c22cec5bbc36d4301a99293
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FB4126B1D01268AFDB14CFA9C995BDEBFF5AF49300F24812AE408AB294CB345945CF50
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: f8a31e800aaa95e825497fbea0b8cf0b5a36ee407903d5bdfba8f4ce4c14b280
                                                                                                                                                                                                              • Instruction ID: 7514e9f8968d3acc31488485858b2ad5957eacdda5fd640a8ed37dca3af10b15
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f8a31e800aaa95e825497fbea0b8cf0b5a36ee407903d5bdfba8f4ce4c14b280
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BC4147B1D01258AFDB18CFA9C994BDEBFF5AF88300F20802AE405BB250DB345945CF94
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: b1875a8a3e296b120ee520741c64582589121e4578b5f76594db0e0ebb62e9f0
                                                                                                                                                                                                              • Instruction ID: 620cf24a0b58c7922d3cfed8eebe4098b8211b172cef1ff4ba8ba3ddf3c98b70
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b1875a8a3e296b120ee520741c64582589121e4578b5f76594db0e0ebb62e9f0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0A41F3B1D1035DDACB14DFEAC984ADEFBB5AF48300F20852AD419BB244DB746A45CF94
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 5d03f85c315a6032275e194c6623866e58ad8c376751445568ca0c869339b6b2
                                                                                                                                                                                                              • Instruction ID: e618ea9ffee1a4af144a5c8d1bea8ce61ffbef9a3a38051085bd66b9a344bda0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5d03f85c315a6032275e194c6623866e58ad8c376751445568ca0c869339b6b2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 113133B1D00228AFDB14CFAAC984BDEBFF5AF49300F20802AE408AB254CB745945CF90
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: bdc5cad69d27efac50486b96f10bee750b8ecf6c36251777a50c316b1cd85877
                                                                                                                                                                                                              • Instruction ID: 0bab43de8212264d93eca3d9d6737a081274eaf5f93eac40ed25b6a32e1ad3d0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: bdc5cad69d27efac50486b96f10bee750b8ecf6c36251777a50c316b1cd85877
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 083115B1D11258AFDB18DFAAC984BDEBFB5AF88304F20802AE405AB254DB745945CF94
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: bfb132e2b39770585af9de5053690445cc5cb0eae5332329188b4e9f316d9ac6
                                                                                                                                                                                                              • Instruction ID: cb41d43685836391e33b92d80149a7c04264402a4bcf6e977e093b127ec4b943
                                                                                                                                                                                                              • Opcode Fuzzy Hash: bfb132e2b39770585af9de5053690445cc5cb0eae5332329188b4e9f316d9ac6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1E3103B1C00258AFDB24CFAAC485BDEBFF4AF48310F24802AE459BB250CB755845CF94
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: abfce7b8bcbf9b5f3495a4db230fa27644be14b1105d04b18fa8efdc1454d4d9
                                                                                                                                                                                                              • Instruction ID: ec333746f26f6d5c45112339dce875cd47745bdf6e73a59e6e3f6f56705a7c29
                                                                                                                                                                                                              • Opcode Fuzzy Hash: abfce7b8bcbf9b5f3495a4db230fa27644be14b1105d04b18fa8efdc1454d4d9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 13213530B103624FDF169B3488143BE7BB2AFC1A04F05455ADA49A7399DB358C0BC382
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: e191121603dae8090088b4cefb52d7f111a8397bd707e0e15ea9b43e9b3ca66f
                                                                                                                                                                                                              • Instruction ID: ce078a21f1216054e0c18afded4889fef126788b18ba59445bf7ae8304c100c3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e191121603dae8090088b4cefb52d7f111a8397bd707e0e15ea9b43e9b3ca66f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5831E3B1D10258EFDB14CFAAD485ADEBFF8AF08310F24802AE459B7254CB745846CB94
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: fa15b7d8a02d20c44944f8f12989abe057481a4ffcd1ea42feaff3adc9707034
                                                                                                                                                                                                              • Instruction ID: 37063a6f19cabb716b233dd128e1729fbbaaa8453f061661f00df263bc21db15
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fa15b7d8a02d20c44944f8f12989abe057481a4ffcd1ea42feaff3adc9707034
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DF31D4B1D10258AFDB14DFAAC484BDEBFF9AF48310F24802AE419AB250CB755945CF94
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: cba970cf272ca0d9c4090aaa631a8efb838a825e0ce387b21e55bf0bf4469974
                                                                                                                                                                                                              • Instruction ID: d8e6cad71b3f2ecc8419d434e050e5b5cf3d83c87dbba2b193166f8a6be11d52
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cba970cf272ca0d9c4090aaa631a8efb838a825e0ce387b21e55bf0bf4469974
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D421D3B1D10258EFDB14DFAAD484BDEBFF8AF08310F24802AE559BB254CB745945CB94
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 46d6b08f7f90bf89a84fa96ad6550e282b4cb6e7c233f0c143bc8db3e035fc9f
                                                                                                                                                                                                              • Instruction ID: cbf95587564de922db3b8d3d15a818e0a54948c67e6577c4bf5eeee519b1d5c9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 46d6b08f7f90bf89a84fa96ad6550e282b4cb6e7c233f0c143bc8db3e035fc9f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AE012631B043455FD706DB75E8115ADBFA2DFC1340705C5BAD459CB2A5DA359806CB00
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: bca1875602b48a8dc6429dc6ea2f2f351f73bc1f1aaffa9ab0812f0552493cc3
                                                                                                                                                                                                              • Instruction ID: af9870d6b345ca510a594915b5b8c5b89831ebb02d5fb546dacbae730f5e523c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: bca1875602b48a8dc6429dc6ea2f2f351f73bc1f1aaffa9ab0812f0552493cc3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 24F0F631B041486BCF15DAB4D855CEEBFA69FC4300F04C46ED54657291DA319916DB91
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 5848d9fe80cf21d383b0e6d39dd90053ed88f84f207d3a55832c36ac0547064a
                                                                                                                                                                                                              • Instruction ID: b174a0fab273a9e1fcc46ed38344eaf5e1b1a474c50e8d54d3cc74708cc00939
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5848d9fe80cf21d383b0e6d39dd90053ed88f84f207d3a55832c36ac0547064a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 15F08231700118A7CF14DAA5D915CEEBBAAEF88304F008039E605AB290DE36991597E1
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000008.00000002.2283734902.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_8_2_1220000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000A.00000003.2305625659.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_10_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: 2B_I
                                                                                                                                                                                                              • API String ID: 0-979045943
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000A.00000003.2305625659.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_10_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000A.00000003.2305625659.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_10_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000A.00000003.2305625659.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_10_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                              • API String ID: 0-4108050209
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000A.00000003.2305625659.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_10_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C612620B1D9990BEB1DAB7C50325BCB7D1EF58708F4500BEE00EC72D7DE29A9029B85
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000A.00000003.2305625659.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_10_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 96f10b255c4113a141a12ec14d9eb5b4548e7050a0edf908f55e05bce2cc851b
                                                                                                                                                                                                              • Instruction ID: 856ec60268e1823748cb9b13eb3fc36cecda70416e2fecf17dfca33358350e7c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 96f10b255c4113a141a12ec14d9eb5b4548e7050a0edf908f55e05bce2cc851b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 62513411F1EAAE0FE77956BD08361BD3BC5DF8A214B4601BBD519C72E3DC08AD025B41
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000A.00000003.2305625659.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_10_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: ee127226f628e410fd870ba68ba011510deaac530c1279571557589a3627011c
                                                                                                                                                                                                              • Instruction ID: 80555f4deb5bfc4467e2999844b134eb0bd764cc1545dc8f4967b69db860f4a1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ee127226f628e410fd870ba68ba011510deaac530c1279571557589a3627011c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2F518C23B0E95A0FE359BBBCA8665F97BD0DF8532470901FBD499C70A7DD08684B8381
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000A.00000003.2305625659.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_10_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: de1140c40c5e9baceceec2e7790acf86c8e8e83d35ec5041bf6fd2d942cea95b
                                                                                                                                                                                                              • Instruction ID: fb92aceace1e2eb87d229dd5154deba8a1f25fddc6d7a61cbf7294b2d30f6ac2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: de1140c40c5e9baceceec2e7790acf86c8e8e83d35ec5041bf6fd2d942cea95b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 37514511B0FAAE0FE7BA56B854352AD2FE0EF4A214F0605BAC158CB1E3E908594A9341
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000A.00000003.2305625659.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_10_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 50c919fd986932cc6c1222537edcf5f2ee6861602fbc8d2bbe6091436dc16a06
                                                                                                                                                                                                              • Instruction ID: 1156609467c83c427a47facceacbc752c6e709e135a59df82cb45fda6a293976
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 50c919fd986932cc6c1222537edcf5f2ee6861602fbc8d2bbe6091436dc16a06
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 84519F30B19A1C8FEB55EF6DD859AED77E1FF58315F1400BAE409C32A2DA35A8418B40
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000A.00000003.2305625659.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_10_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 00972fc0342e8862ac772a5ed378c226ad983597d9ca784fb991d72d5b672c98
                                                                                                                                                                                                              • Instruction ID: 9d4eef7363cf2d7eb4eaf59127d23a5caccc40fef320ba31086e0e6c1d816e98
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 00972fc0342e8862ac772a5ed378c226ad983597d9ca784fb991d72d5b672c98
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C510530A0D9998FDB55EFBC88161E9BBE0EF95300B1905FAD419CB293DA359842DB81
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000A.00000003.2305625659.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_10_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 364a0b52b7fec21e6cda8a260230e05841195a34d8d573840de7e7ec11bddfac
                                                                                                                                                                                                              • Instruction ID: abdf0e43475855db9a4bd7aac7d156483dfd8cf7a42328be5c16c6eac65fd343
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 364a0b52b7fec21e6cda8a260230e05841195a34d8d573840de7e7ec11bddfac
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 28413911E2FBAA0FE7AA977848756A83BA1DF56250B0601FBD148CB0F3ED4C5D468742
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000A.00000003.2305625659.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_10_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 48c0bb14ffdb01ab90d8a334046564356b892a8c96d3bc58ef685b46452ac271
                                                                                                                                                                                                              • Instruction ID: 1d5adb0db4673064f94400c73d7ad186b8f77c666749876ff84aadbccdf03b87
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 48c0bb14ffdb01ab90d8a334046564356b892a8c96d3bc58ef685b46452ac271
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7A41D33091E7C94FDB2A9BA958645B97FB0EF13329F0401BFD089C21A3CA582416C746
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000A.00000003.2305625659.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_10_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: a0bf18157ec126eaeca4c15db9bc02eab8c3e35c8e2b3b8bd296e42974e1a5a9
                                                                                                                                                                                                              • Instruction ID: 59a1f8758d6f96a79047f95b24bd8e23c11d1a09070431463fe5dfac91e44982
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a0bf18157ec126eaeca4c15db9bc02eab8c3e35c8e2b3b8bd296e42974e1a5a9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B8411530F0D59E4FDB65DFAC84252A9BBE0EF59304B1808FED409CB2A3D925A902DB41
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000A.00000003.2305625659.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_10_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000A.00000003.2305625659.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_10_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000A.00000003.2305625659.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_10_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000A.00000003.2305625659.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_10_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000A.00000003.2305625659.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_10_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000A.00000003.2305625659.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_10_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000A.00000003.2305625659.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_10_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000B.00000002.2295173093.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_29d0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: $^q$$^q
                                                                                                                                                                                                              • API String ID: 0-355816377
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000B.00000002.2295173093.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_29d0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: $^q
                                                                                                                                                                                                              • API String ID: 0-388095546
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000B.00000002.2295173093.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_29d0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 611417885b43f9a098e4867f215adc9e93f3c7d5cc9c6b47e2b882b628e3b0d1
                                                                                                                                                                                                              • Instruction ID: a02ffcf7dc4ea5b0626360cf61e4270607505e7b11db821d388fcfcc67c0b816
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 611417885b43f9a098e4867f215adc9e93f3c7d5cc9c6b47e2b882b628e3b0d1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5261AB30A00306CFDF15EFB4D9586AEBBB2FF85704F008869D805AB368DB719846DB91
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000B.00000002.2295173093.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_29d0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: caabe8560d73ae2b45b691614937b9ba4332a95bc7295aac27dd6002a410c246
                                                                                                                                                                                                              • Instruction ID: 80359608edf736a152191009966748fc666c9065284e4d77027c601c1c861f0b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: caabe8560d73ae2b45b691614937b9ba4332a95bc7295aac27dd6002a410c246
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D6517032E50B06AAE710DBA5CC45699F371FF9A700F61CB16F6483B191FBB0A1D4C691
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000B.00000002.2295173093.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_29d0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 01639b101deefa8e0cfd7083abc5830e5823a42afb0d42c8a26d38bc1f4077aa
                                                                                                                                                                                                              • Instruction ID: 11ed169dc30b76492961a0c4bdaa93be63dcbe3c59dfdecf21334fff24c2213e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 01639b101deefa8e0cfd7083abc5830e5823a42afb0d42c8a26d38bc1f4077aa
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CF513E32E50B06A6E710DBA5CC45A9AF371FF9A700F61CB16F6483B191FBB0A1D4C691
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000B.00000002.2295173093.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_29d0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 663e2775e64746a80af3023108a413f4aab9f9ce4d54f7ebe5dcdd71f8cf4f09
                                                                                                                                                                                                              • Instruction ID: a0b017cabfdb163d9a9dfe62e5f435d70833e34f332fc5ac383ca39c5ca4de64
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 663e2775e64746a80af3023108a413f4aab9f9ce4d54f7ebe5dcdd71f8cf4f09
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D5416032E0074A9BCB01EFB9C8504DDF7B6FF95304B11CA6AD959BB211EB70A585CB90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000B.00000002.2295173093.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_29d0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 52f787bf4409a8c185262986a9c3f0579e69a4cde0201a20772d4498dc3dccca
                                                                                                                                                                                                              • Instruction ID: 47cc6f9e42a38a058a2c519559c9cffc78cb62d1edfe66970e8b5e74a1cf96fe
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 52f787bf4409a8c185262986a9c3f0579e69a4cde0201a20772d4498dc3dccca
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EA31C52124D3C40FC302A77CA560699BFA6CFC7358F1985FBC1858B2BBCA549C89C761
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000B.00000002.2295173093.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_29d0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: c76275bc0e44757940258a09cc4b844cd509cd80af9538d1ee4a7c16cdda6209
                                                                                                                                                                                                              • Instruction ID: bc56778876dfb2de92edb897af8f50ae0218ab44bd129e98bb9b5120c829339c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c76275bc0e44757940258a09cc4b844cd509cd80af9538d1ee4a7c16cdda6209
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 494112B1D0034DCFCB10DFA9C980ACEFBB5AF49304F20852AE459AB255DB356A49CF90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000B.00000002.2295173093.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_29d0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 01cafa72d14fa15d41691ec25712edb058c5310cd955e2e8b715be6dbd42ca75
                                                                                                                                                                                                              • Instruction ID: ecd7640c6b7ad1061ae835a3fc9d61812f1e252229e03b64065b3ad3f414fd43
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 01cafa72d14fa15d41691ec25712edb058c5310cd955e2e8b715be6dbd42ca75
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7C41FA31B0060A9FCB04EFB9D9556AEB7B7EFC4304B00C538D519A7368EB31A9068B60
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000B.00000002.2295173093.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_29d0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: af0f92dc6d8ed485142c3bcbd15c822e8f68d0a2011ef7640a61e50790887506
                                                                                                                                                                                                              • Instruction ID: f8b408b2ab84dc5052a33534f20bd68966610c72aa7423df6a856a2089fb73c6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: af0f92dc6d8ed485142c3bcbd15c822e8f68d0a2011ef7640a61e50790887506
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D2316E32E0170AABDB00DFB9D8805DEF7B6EF95350F11C66AE548A7220EB30A585C790
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000B.00000002.2295173093.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_29d0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: d62609dabd375e1216339844b97f6214b789de655ab22c2410aad7ee4ca19cb6
                                                                                                                                                                                                              • Instruction ID: 119e739866ad0227de54b5d1e0565405317199cf38e52fe7eeaae8685b5dc92e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d62609dabd375e1216339844b97f6214b789de655ab22c2410aad7ee4ca19cb6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8241F2B2D00248DFCB14DFAAC994BDEBBB6AF48314F14802AE419AB264DB755945CF90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000B.00000002.2295173093.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_29d0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000B.00000002.2295173093.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_29d0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: dadcfefe332d096a5c87ea4af00c2c298705d3b8e14cb26ac60d7fccc7e3b4a1
                                                                                                                                                                                                              • Instruction ID: 0d89f84c548318eaeb04ccafefac22e64c8bbbe9e7ff741658f425d1ba7dba61
                                                                                                                                                                                                              • Opcode Fuzzy Hash: dadcfefe332d096a5c87ea4af00c2c298705d3b8e14cb26ac60d7fccc7e3b4a1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C541F4B1D0035DCACB10DFA9C984ADEFBB5AF48304F20812AD419BB244D7746A49CF90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000B.00000002.2295173093.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_29d0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 529697c07d29b73d1bcc8caa33ba7f2f69e3b0714528d4b042d691258fb062cb
                                                                                                                                                                                                              • Instruction ID: 168ef7d2afda0e3964ac01c750faf9b9eb901854cd2e2eb193f3934813ca08a5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 529697c07d29b73d1bcc8caa33ba7f2f69e3b0714528d4b042d691258fb062cb
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AC31F2B1D002489FCB14DFAAC994BDEBBB6AF48304F10802AE409AB254DB755945CF90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000B.00000002.2295173093.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_29d0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 495fc2c8d4e709e80fae5b076ea0ce9d7bf0af0964f6ce28a15db65fb410c383
                                                                                                                                                                                                              • Instruction ID: 8dd86aed5121984a55e4ce894533120cf48b803e32bde3f88ee7bb9ea3448bd4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 495fc2c8d4e709e80fae5b076ea0ce9d7bf0af0964f6ce28a15db65fb410c383
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C73113B2D01248DFDB14DFAAC984BDEBBF5AF48304F10C02AE409AB250DB346945CFA0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000B.00000002.2295173093.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_29d0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 4345260a6d3b1698c3c05fb03a81d5ad0fab8623cd765925b216d56dc27201b9
                                                                                                                                                                                                              • Instruction ID: 3ec1f01f5a90db20ba906894af220b066bc82d04bde952ac4a1c225d26fb626c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4345260a6d3b1698c3c05fb03a81d5ad0fab8623cd765925b216d56dc27201b9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A431E3B1D00258DFDB24DFA9C584ADEBFF9AF48314F24812AE419BB250C7756885CF90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000B.00000002.2295173093.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_29d0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 02cefd86ad96795e85f0f9af6d0446fcabc91585e93f29ebe4360ae5a24e4e50
                                                                                                                                                                                                              • Instruction ID: 1fa4a660cb0db390a4cdadcf0fc0292a47deecb865fe3dcede12399041e328bc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 02cefd86ad96795e85f0f9af6d0446fcabc91585e93f29ebe4360ae5a24e4e50
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 552196316003418FDB169B75C4183BE7BB6EFC5708F05856AC8499B355DB369C07D792
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000B.00000002.2295173093.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_29d0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: acfc45deb29e2a7eeb3e39aab31436de5a9a6ae3e0926941a7d7f971de01322d
                                                                                                                                                                                                              • Instruction ID: c7be70af2d9922cbec2ff0e52f8cb1d356eb2bbc88602e2481190e585566496e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: acfc45deb29e2a7eeb3e39aab31436de5a9a6ae3e0926941a7d7f971de01322d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8931D1B1D00258DFDB14CFAAD484B9EBFB8AF49314F24842AE459AB250CB755845CB94
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000B.00000002.2295173093.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_29d0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: d4c58d374281610e2742a4d7a03905a325fe1b21bf5e2d8583ea734955cfbf7f
                                                                                                                                                                                                              • Instruction ID: 3c20c77ec9644c100ad9c58585e339f4f002b66ebddc59507ad5e216a4959c5d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d4c58d374281610e2742a4d7a03905a325fe1b21bf5e2d8583ea734955cfbf7f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2631C0B1D00258DFDB24DFA9C484ADEBFF9AF48314F24802AE419AB250CB756985CB94
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000B.00000002.2295173093.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_29d0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 9b4907ff4ab10cbc2d1d6f054353b9f2188bbe92e5773f604b6905f67ca6b494
                                                                                                                                                                                                              • Instruction ID: 62c89cd626eee86b103fcc5767448fd987afc010316c2dddaf787979ab42ac8e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9b4907ff4ab10cbc2d1d6f054353b9f2188bbe92e5773f604b6905f67ca6b494
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0F21D2B1D00258DFDB14DFAAD484BDEBFF8AF48314F24842AE419AB250CB756845DB90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000B.00000002.2295173093.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_29d0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000B.00000002.2295173093.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_29d0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000B.00000002.2295173093.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_29d0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000B.00000002.2295173093.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_29d0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000B.00000002.2295173093.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_29d0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2297683262.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_sbdrvmgr.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2297683262.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_7ffd9b400000_sbdrvmgr.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000F.00000002.2303042847.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_19c0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: $^q$$^q
                                                                                                                                                                                                              • API String ID: 0-355816377
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000F.00000002.2303042847.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_19c0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: $^q
                                                                                                                                                                                                              • API String ID: 0-388095546
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000F.00000002.2303042847.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_19c0000_DefMic.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000F.00000002.2303042847.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_19c0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 24a8c90565dea93886a6274da06dded2f737c0a8af9854e4c1c9b4cc3d1caf3d
                                                                                                                                                                                                              • Instruction ID: 162609de321ed38e0028fe183d7e6cfd40b45b5ec75438df15ea495babe09a6e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 24a8c90565dea93886a6274da06dded2f737c0a8af9854e4c1c9b4cc3d1caf3d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E83113B1D00248DFDB24CFAAC594BDEBFF6AF48704F24802AE449AB250CB345945CF95
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000F.00000002.2303042847.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_19c0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: b45a57a555fb0c2ef4acc64d7602c8e900a44e094bd7d9c346d971f3d84c18d2
                                                                                                                                                                                                              • Instruction ID: d57cfd374f572c736bdc152357e386cbdfbab088d47f84452326026572c4369b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b45a57a555fb0c2ef4acc64d7602c8e900a44e094bd7d9c346d971f3d84c18d2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D63110B1D01248DFDB14DFAAC984BDEBBF5AF48700F10802AE449AB250DB346945CF95
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000F.00000002.2303042847.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_19c0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 80dc7d3392abdfcdbe3797d1507e03934f409dbf126079357bdb7dc411116f50
                                                                                                                                                                                                              • Instruction ID: 7fbedd2a9362e385d5fa4614ca40be946608224433f9162338fd3269b6dd12bc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 80dc7d3392abdfcdbe3797d1507e03934f409dbf126079357bdb7dc411116f50
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A11196352883454FC352A77CA4505ADFBD6DFC5320F09447ED58DCB2A6CE649C8A8662
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000F.00000002.2303042847.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_19c0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: e22de14ecc28e5fe0dc6d2e7e39b0e63c384bb148da7d400570ab470f2cbb5c7
                                                                                                                                                                                                              • Instruction ID: 6414775016ae2f50eb6bd9aae2757f1001fec91520a1e477ef2c9baad42d905b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e22de14ecc28e5fe0dc6d2e7e39b0e63c384bb148da7d400570ab470f2cbb5c7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FF21DA34A043518FDB268A6889146BF77B6ABC5B04F08416ED94D97395D73ADC0AC3C3
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000F.00000002.2303042847.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_19c0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 6f97dc686bb2ecc5b97208efeabff74b9d7e14cf2e759e13bffa8b4f991c25f3
                                                                                                                                                                                                              • Instruction ID: 7a8ac87a71e3cdb555c3c9c80b075736935f2ffa2235bbef29b1f3190b5502c9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6f97dc686bb2ecc5b97208efeabff74b9d7e14cf2e759e13bffa8b4f991c25f3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C33102B1D40258DFDB14CFA9D884BDEBFB8AB48710F24802EE449AB251CB359845CBA5
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000F.00000002.2303042847.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_19c0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: caafa49f864824dee22d019e5dc8f592e7526f4269f6fbd593b37704a570cfc7
                                                                                                                                                                                                              • Instruction ID: 32e06e252d2b48d9adf45ff62f8fd60016b8a2c4b1693cd8112e7f47bcd358bf
                                                                                                                                                                                                              • Opcode Fuzzy Hash: caafa49f864824dee22d019e5dc8f592e7526f4269f6fbd593b37704a570cfc7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F931FFB1D00248DFDB14DFA9C584ADEBFF8AF48310F24842AE459AB251CB35A985CB94
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000F.00000002.2303042847.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_19c0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: fbccc7486e70cf26cf9e473c270096370286fc1ef46d4ed9c288e57d335570c3
                                                                                                                                                                                                              • Instruction ID: 3a8b4e97906c589c62bf666a694c861fa266dc56d76dcaa9c8fc3a0f2132df2f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fbccc7486e70cf26cf9e473c270096370286fc1ef46d4ed9c288e57d335570c3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FD31F4B1C00258DFDB24DFAAC484ADEFFF8AF48710F24842EE459AB251CB746945CB95
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000F.00000002.2303042847.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_19c0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 2151231aa31f8a2844cdfbbfd9515e24574c9ae861396fddcfcf9440bddf0b77
                                                                                                                                                                                                              • Instruction ID: 6c10891fff348bef6af365728a5f115a165589a1fa4adee16f59d1e06ac5fa8a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2151231aa31f8a2844cdfbbfd9515e24574c9ae861396fddcfcf9440bddf0b77
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4121F2B1C00258DFDB14CFAAD484BDEBFF8AF48710F24802EE449AB250CB755845CB95
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000F.00000002.2303042847.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_19c0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 20c99072f78507c8634af25a3d2ba29324d85f56b73072bb1860223c36b21964
                                                                                                                                                                                                              • Instruction ID: 0acbf5a54fcec3af83e5c5ca68e04bcd9b5230f6bcc5bb2ceeee9f6c97bcd46c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 20c99072f78507c8634af25a3d2ba29324d85f56b73072bb1860223c36b21964
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5BF05431A45209AFC745CFB4895089D77E5EB8521470180BDD808CB155DA399E0BDBA0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000F.00000002.2303042847.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_19c0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 83d8101955b39701628f22989db0150e0885520ce5e1ac4bc5ce24590079a46e
                                                                                                                                                                                                              • Instruction ID: 8b9949e19f4c079729688eb1cc08f131714550b44f1a9ff2035c5be522c02080
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 83d8101955b39701628f22989db0150e0885520ce5e1ac4bc5ce24590079a46e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0EF08230A45206AFC745CFB499508ADBBE6DBC2214705C0BDD809DB156DA389E0AA761
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000F.00000002.2303042847.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_19c0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 61c0f502f048809923dda63920ff2cc2dc22196828ca0c5e996212738cdaf7aa
                                                                                                                                                                                                              • Instruction ID: 5f7f7591f3cd2bcfccd674d8a11fb415970d4ed2c223ed08820d501a36b14c91
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 61c0f502f048809923dda63920ff2cc2dc22196828ca0c5e996212738cdaf7aa
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A5F0F830901209EFCB40EFB8FA4459CBBF5FB88304F6059A9C809A7214EA356F449F50
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000F.00000002.2303042847.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_19c0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 4a49c7a8e4dd5175731bdec59d562a65ef850295f870cd9cf67af31403a412ef
                                                                                                                                                                                                              • Instruction ID: 1c2abad587a5a9f8c53337d23a40dd9f7863a982ebe6959b4a3a02e1abc855a0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4a49c7a8e4dd5175731bdec59d562a65ef850295f870cd9cf67af31403a412ef
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CDE09A31B01209AB8B00DFB0C900C6EBBEAEB84204700C4A8E5088B254EA31DA019B90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000F.00000002.2303042847.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_19c0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 5a2a05fb5dece333e1d308fa6de2a87628bbad35db4d141160b93f80f3354dd9
                                                                                                                                                                                                              • Instruction ID: b4c24427307804291d054aad372e25f32ac4cfe27bddd9802b6f33915e3cb20c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5a2a05fb5dece333e1d308fa6de2a87628bbad35db4d141160b93f80f3354dd9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AEE0C2317947528FC346AB6C9140098F7E2FEC5230706427AD509CB269DF6CDC468BE6
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000F.00000002.2303042847.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_19c0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 8af6b6749e708a8f6432f10db5fee36add43a6e5cd8d40647fd8022b4a41eb8d
                                                                                                                                                                                                              • Instruction ID: 046b21aa91bf19a6275c2a6d4b357c962f587f6235d3923fb24f1852ed096ebd
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8af6b6749e708a8f6432f10db5fee36add43a6e5cd8d40647fd8022b4a41eb8d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 94D09E35740119CFCF00EFA8D5485DC77B0EF88715F000169E109DB270D7759855CB51
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000011.00000002.2305466459.00007FFD9B3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ffd9b3d0000_sbdrvmgr.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 0b6c97f58a6bcdbd31c05066da29202c4d96ee8ba9658b5a5cf3d3803ffd7e4e
                                                                                                                                                                                                              • Instruction ID: da954af36d1f1fe567a6ad95e0878d826f7a9bafb40841272f20176c445f24c5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0b6c97f58a6bcdbd31c05066da29202c4d96ee8ba9658b5a5cf3d3803ffd7e4e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EE421B21B0EA890FE765EB6884706657B91DF8A744B2506FFD04CCB1F7DD2AAD09C342
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000011.00000002.2305466459.00007FFD9B3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ffd9b3d0000_sbdrvmgr.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: <P_I$=P_I$?P_I
                                                                                                                                                                                                              • API String ID: 0-1229601543
                                                                                                                                                                                                              • Opcode ID: 71ba72ae68d4b12b9f0c730455160e0f73a663ed3416be72028494b53dad435d
                                                                                                                                                                                                              • Instruction ID: e2f466db791276dd9fbe61c1466a2f6da7c5322ee7bf375e6a1ca98c8c282d56
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 71ba72ae68d4b12b9f0c730455160e0f73a663ed3416be72028494b53dad435d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 10900201519092059605367420394E45F215F02114A0886E1D0DD0D0C7484420C18144
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000011.00000002.2305466459.00007FFD9B3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ffd9b3d0000_sbdrvmgr.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 9f7277ddd368aaafcd0d39df5d0f1e0ac66c730e89dfc1577e70dd21e01478c1
                                                                                                                                                                                                              • Instruction ID: 43efa4e037c0ff0f4270dfcee8f23c57b7199b2da206fd972819cbf40e2080fa
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9f7277ddd368aaafcd0d39df5d0f1e0ac66c730e89dfc1577e70dd21e01478c1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6171C793A0FAC50FF37695DC2C611265F9ADBD266071903FFE08C871FBD85A9E058291
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000011.00000002.2305466459.00007FFD9B3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ffd9b3d0000_sbdrvmgr.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000013.00000003.2390601999.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_19_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000013.00000003.2390601999.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_19_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000013.00000003.2390601999.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_19_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000013.00000003.2390601999.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_19_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000013.00000003.2390601999.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_19_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000013.00000003.2390601999.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_19_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000013.00000003.2390601999.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_19_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000013.00000003.2390601999.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_19_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000013.00000003.2390601999.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_19_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2390100349.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_2c80000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: <P$<P$PW
                                                                                                                                                                                                              • API String ID: 0-3322705218
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2390100349.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_2c80000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: ,$3y(
                                                                                                                                                                                                              • API String ID: 0-105263733
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2390100349.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_2c80000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: $^q$$^q
                                                                                                                                                                                                              • API String ID: 0-355816377
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2390100349.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_2c80000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: td
                                                                                                                                                                                                              • API String ID: 0-168246173
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2390100349.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_2c80000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: d
                                                                                                                                                                                                              • API String ID: 0-3348386454
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2390100349.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_2c80000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: 3y(
                                                                                                                                                                                                              • API String ID: 0-3138783643
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2390100349.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_2c80000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: 3y(
                                                                                                                                                                                                              • API String ID: 0-3138783643
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2390100349.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_2c80000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: 3y(
                                                                                                                                                                                                              • API String ID: 0-3138783643
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2390100349.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_2c80000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: 3y(
                                                                                                                                                                                                              • API String ID: 0-3138783643
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2390100349.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_2c80000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: 3y(
                                                                                                                                                                                                              • API String ID: 0-3138783643
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2390100349.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_2c80000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: O
                                                                                                                                                                                                              • API String ID: 0-3691759157
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2390100349.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_2c80000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: pU
                                                                                                                                                                                                              • API String ID: 0-3071279769
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2390100349.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_2c80000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: `a
                                                                                                                                                                                                              • API String ID: 0-2830760685
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2390100349.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_2c80000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: PW
                                                                                                                                                                                                              • API String ID: 0-3705201942
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2390100349.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_2c80000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: PW
                                                                                                                                                                                                              • API String ID: 0-3705201942
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2390100349.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_2c80000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: hX
                                                                                                                                                                                                              • API String ID: 0-367658503
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2390100349.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_2c80000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2390100349.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_2c80000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2390100349.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_2c80000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2390100349.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_2c80000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2390100349.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_2c80000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2390100349.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_2c80000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000003.2417799166.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: 2C_I
                                                                                                                                                                                                              • API String ID: 0-999908352
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000003.2417799166.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000003.2417799166.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000003.2417799166.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000003.2417799166.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              • Opcode ID: 14bb90130714576a5bcc03ee864c593ba19ffbdb6fc75c9aff6d056c7c170d37
                                                                                                                                                                                                              • Instruction ID: a14a0dad7e24e5b58c9af9f15d3ad95221762ca426b1cf565f74cf959da16a3c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 14bb90130714576a5bcc03ee864c593ba19ffbdb6fc75c9aff6d056c7c170d37
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 94418A60A0EAC91FDB52FBB808664FABFE1DF0A31070945EDD4C9CB1B7C9195A478341
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000003.2417799166.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: ed2c4731f266cd8f66597256533091e69a329d85051bab4469f7b81597a41962
                                                                                                                                                                                                              • Instruction ID: bffa77715db36fe3186f0f75052a8544d5363570a42f08920af099a3dca6376d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ed2c4731f266cd8f66597256533091e69a329d85051bab4469f7b81597a41962
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 82412971B1EA884FDB19AB7854260BC7BD1EF9931871544FED04ECB1D7CE29A9038381
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000003.2417799166.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: a3d36f32815da33b95fb13657391309a10c7ebed53681f96b8af91c823c02e0b
                                                                                                                                                                                                              • Instruction ID: dfd7971588b019ae38a20d29bef24bec549c49a9de013a27160e949bcc0e50ef
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a3d36f32815da33b95fb13657391309a10c7ebed53681f96b8af91c823c02e0b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CE41E230A1E7C94FDB2A9BA958646F57FA0EF13329F0801BFD099C31A3CA582516C746
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000003.2417799166.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 1bdbc5082ce88350440d2749af2203c26b8781e8e1531376436895458be83043
                                                                                                                                                                                                              • Instruction ID: bb8b4b57a79c60f29ed87f3875e6a9084c5fe5bee6bf5b6a1c91fcbc589e5660
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1bdbc5082ce88350440d2749af2203c26b8781e8e1531376436895458be83043
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4A514970A1D6895FE756FB7488615A8BFE1EF4A314B1905FCC0C98B1E7D928A942C701
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000003.2417799166.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 8967f004eeac7717c404cfe3d40e5305d0e36c8bb3dac7369f309c2fba6fcac6
                                                                                                                                                                                                              • Instruction ID: 8039dcbc94157c5840b1562a1fac135586c5f60ce4bc7b5142a4f41b6e6a9e19
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8967f004eeac7717c404cfe3d40e5305d0e36c8bb3dac7369f309c2fba6fcac6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A7316C31E0A65C4FD754E7FC88555E97BE1EF89310B0941BED049E32A2CD286D019791
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000003.2417799166.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: a1c47244f6dc1af6af2b581c6e79b3037859854db745bebb696f40022e3d1150
                                                                                                                                                                                                              • Instruction ID: e83ebf2c9dca9d1e716b0c6c8d3162057296bb399b045369d5dbce92a9cb8716
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a1c47244f6dc1af6af2b581c6e79b3037859854db745bebb696f40022e3d1150
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FD31397060E6C85FE745A7B8482B5F97FE0DF4A21470841EED4C9CB1B7D81EAA478341
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000003.2417799166.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 938806fb57d24169cb1d41071fb85437b8c8aebbff131ff752413f08ad4865bc
                                                                                                                                                                                                              • Instruction ID: 2d905dcb3231c38c65cd9656ac534b5e0d3d6b5431d6830d491672f7f5dfca2c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 938806fb57d24169cb1d41071fb85437b8c8aebbff131ff752413f08ad4865bc
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F331C350B2D9850BE71DA7385036ABDB7C2EF95308F4A40BDE08A871E7CF5CA502A245
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000003.2417799166.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: eb9fa9e72dffa143fd7c4cc1ce0103d718952737a4595d92d8731eb97ec33639
                                                                                                                                                                                                              • Instruction ID: 2316ba6e1949b87ba09e259ab4198a694896201c8ed86550102ec35483375fad
                                                                                                                                                                                                              • Opcode Fuzzy Hash: eb9fa9e72dffa143fd7c4cc1ce0103d718952737a4595d92d8731eb97ec33639
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C031F770E0A65C4FD754E7FC88565F9BBE0EF49310F0541BED049E32A2DE286D119791
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000003.2417799166.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: c0c1fb6ec04bfe804d97b519b6a3cc4bb2583c367428ec087bdd848524590057
                                                                                                                                                                                                              • Instruction ID: 86ed74aa8c62c1e12f333eee00e87d2243c60704571689d753db596fb0d9cae7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c0c1fb6ec04bfe804d97b519b6a3cc4bb2583c367428ec087bdd848524590057
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C611CB61F1D50E06EB98AB6894B57BD61C2EFD8358F61593DE01FC22F6CD2CE9805283
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000003.2417799166.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000003.2417799166.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000003.2417799166.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000003.2417799166.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000003.2417799166.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000003.2417799166.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: $^q$$^q
                                                                                                                                                                                                              • API String ID: 0-355816377
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: $^q
                                                                                                                                                                                                              • API String ID: 0-388095546
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: f4f7761a0a33fdefba6335020495e723be4f4d8a25785cc0d4730905930fdfe8
                                                                                                                                                                                                              • Instruction ID: a1da2d398b32087339277f0f6581fabcd68d36074641fb8ce46de264e71bf024
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f4f7761a0a33fdefba6335020495e723be4f4d8a25785cc0d4730905930fdfe8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 43515032E50B06AAE710DBA5CC45699F371FFDA700F21CB1AF6583B191EBB0A1D8C641
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: e7ec2b80b1d0c8b224c1af660cd16eddde60d36b18a41624c1d504b90b849fd7
                                                                                                                                                                                                              • Instruction ID: e8071e8e774c388aef373bcb591e937ebf81d60da492e8df18afcfd40abdd3a8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e7ec2b80b1d0c8b224c1af660cd16eddde60d36b18a41624c1d504b90b849fd7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D0515E32E50B06A6E710DBA5CC45B99F372FF99700F61CB16F6583B191EBB0A1D8C681
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: c5f98830a11dcfca84e965a74b00c7612be53b2bb2b5e0e962476d020c8ce363
                                                                                                                                                                                                              • Instruction ID: 1e6cd9b27d26f103812d2adee1596fb501a05cfb627e82470912e9de9af15e7b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c5f98830a11dcfca84e965a74b00c7612be53b2bb2b5e0e962476d020c8ce363
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CA418332E00B4A9BCB01DFB9C8504DDF7B2FF94300B11DA6AE555BB254EB30A586CB90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 86fbec6670dc58cb1ba7e8b4bafaf4c4a6d4536b7eac32975400d2a487e697b3
                                                                                                                                                                                                              • Instruction ID: 36696b4cdb30c3970d3a4e9e7ea2303bbc5157220f43eabb34bd6fda0a5dec80
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 86fbec6670dc58cb1ba7e8b4bafaf4c4a6d4536b7eac32975400d2a487e697b3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 09415E30B0060A9FCB58DBB5D9949EEB7F3BFC4304B11C939D419AB2A4EB359906CB51
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 14290498daad1e5b5c36b446bf8b590e6241c89746548ddc8d12d96fe6e591c8
                                                                                                                                                                                                              • Instruction ID: 1ee8a8b6525a099577efee512c4d2a28d987dc5307cf2bf60601f1665dc11261
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 14290498daad1e5b5c36b446bf8b590e6241c89746548ddc8d12d96fe6e591c8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9921A7312983454FC312A77CA5646E97FE2EFC2334F1544ABD045CF1B6DAA88CCAC661
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 63d5fe91dd3550963ecd17d38760139afc06b23db7eccc411d620c16a2f49f26
                                                                                                                                                                                                              • Instruction ID: d13f169c43a412a0a75844585d7ce6a26038de3de69a1218169d316e8d20bd53
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 63d5fe91dd3550963ecd17d38760139afc06b23db7eccc411d620c16a2f49f26
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7241E1B1D003598BCB10DFEAC984ADEFBB5BF48314F20852AD419BB244D7756A89CF90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 39873816d57c21282b7c44feef8dacd4e63460c776c0556241d49405dc041c68
                                                                                                                                                                                                              • Instruction ID: c3e48f49853408e727cda9b7323455b8ffe1fb09c8077493a5d632a9719c3878
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 39873816d57c21282b7c44feef8dacd4e63460c776c0556241d49405dc041c68
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 43318132E0070AAADB00DFB9D8844EEF7B2FFD4310F11D66AE415A7250EB30A585CB90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 73ba2f46e2341482d68fc435253b1f9ebda35e5dd1e8ffb91ed9e2dac11453a4
                                                                                                                                                                                                              • Instruction ID: b4ccb822941a21e411143a7eafdbd47ddc58b23ba2f20633efdd6093bfd11a00
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 73ba2f46e2341482d68fc435253b1f9ebda35e5dd1e8ffb91ed9e2dac11453a4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C44102B1D01258DFCB14DFAAC984BDEBBF5BF48310F20902AE409AB290DB745946CF90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
Memory Dump Source
• Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: b64e5898535e510fa5028e2849b8c1fb2e880d9b6a3b6592a187601af8bd0086
                                                                                                                                                                                                              • Instruction ID: 9a966d1a16433efb7b23d42a049863eb0c3d4bfe52040f41a58e5e7f8aa2af12
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b64e5898535e510fa5028e2849b8c1fb2e880d9b6a3b6592a187601af8bd0086
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1A41D0B1D0035D9ACB10DFEAC984ADEFBB5BF48304F20852AD419BB244DB756A49CF90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 83eb28241eb358fbc277592c57cf8eec0888199ac6e4e9893a8983cea3d4ae1b
                                                                                                                                                                                                              • Instruction ID: a2256e03bf6cb7642927d9b509548192c9f38fdd276d55d5fd71f45aa83223b8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 83eb28241eb358fbc277592c57cf8eec0888199ac6e4e9893a8983cea3d4ae1b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F93102B1D012489FDB14DFAAC994BDEBBF6AF48300F24902AE409BB290DB755945CF90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 7281cf790c0f17b75ec714014aecdd7b87e570bdca582cd83efb12a38607447d
                                                                                                                                                                                                              • Instruction ID: fde3f41af95441ff67696f6373cbc8bb37a13eac613eb4bef4dd051350bdf420
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7281cf790c0f17b75ec714014aecdd7b87e570bdca582cd83efb12a38607447d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA3112B1D01258DFCB14DFAAC984BDEBBF5BF48304F20902AE409AB290DB745945CF91
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 323cdc42ca2ee708de7154c98a7fc22544dd6b3f5923aca4bb9c07b81ca26dc7
                                                                                                                                                                                                              • Instruction ID: 19d21a51b648c126d7f4dbd3f3f78e48d283c8e8c9e27ee30ce0eb7f91f14732
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 323cdc42ca2ee708de7154c98a7fc22544dd6b3f5923aca4bb9c07b81ca26dc7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BB210731A043524BCF15AA7084143EE77B7BBC1604F5445BBD90D9B395DB399806CB81
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 8ee49d0d21991168b5d16182f5d379c2cce4ae4757a1292bb4c113ea42bbf83b
                                                                                                                                                                                                              • Instruction ID: 2a48143b087390c93f8ff75ae0516371d300e554238bbfc95dd4902597992dae
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8ee49d0d21991168b5d16182f5d379c2cce4ae4757a1292bb4c113ea42bbf83b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3231D4B1D042589FDB14CFA9D884BDEBFF4AB48324F24902AE419AB240C7759885CB90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 8fb44320865b0bd6cd5463a41b575f36d1e1db0cfd71923e21af7d8273524582
                                                                                                                                                                                                              • Instruction ID: ac30912f83ab1ddae18a8fc64ec1023b75920f4da7ca84ffdc699d527d7d7ba1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8fb44320865b0bd6cd5463a41b575f36d1e1db0cfd71923e21af7d8273524582
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 933105B1C002489FCB14CFA9C984BDEBFF5AF48310F24902AE419BB250C7756886CB90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 7572f9c65aa73ce857a800f158f648127322eff6244a427951063579225635bc
                                                                                                                                                                                                              • Instruction ID: 8bef41bcdb97036312bc3d54f4d74f40b6b0124eba19ab80104b4f9ba8f66afc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7572f9c65aa73ce857a800f158f648127322eff6244a427951063579225635bc
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5831D4B1D002589FDB24DFAAC884BDEBFF5AF48310F24902AE419AB250CB756945CB90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: bac223c18bdd88ed8e4ecdb87c1745f4f95649980b5e02191a159e8c71a760ae
                                                                                                                                                                                                              • Instruction ID: c22b0a30f0d81df37ea6784a8f17b45e0fa2f052fa244a4c1d38e7ec7a351ed3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: bac223c18bdd88ed8e4ecdb87c1745f4f95649980b5e02191a159e8c71a760ae
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CE21D6B1D04258DFDB14DFAAD884BDEBFF8BF48314F24902AE419AB240CB759845CB90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 68aa76289a9bf17a6d679ef736dc1214d6ada1e7c9d0a9fdeda746d2b880f058
                                                                                                                                                                                                              • Instruction ID: 3f61b29ca6772fe2f2ccc4e6bb5085650449d66af9a733f47af1a6a43fbe0a05
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 68aa76289a9bf17a6d679ef736dc1214d6ada1e7c9d0a9fdeda746d2b880f058
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 85F0F9311983444FC3119B68A1247D57FE5EF82330F1504AFD045CB1A2C6B84CCAC661
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000017.00000002.2414773999.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_23_2_5400000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000019.00000002.2417577269.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_25_2_7ffd9b400000_sbdrvmgr.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000019.00000002.2417577269.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_25_2_7ffd9b400000_sbdrvmgr.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000019.00000002.2417577269.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_25_2_7ffd9b400000_sbdrvmgr.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000001B.00000003.2428045711.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_27_3_7ffd9b4d0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: 2@_I
                                                                                                                                                                                                              • API String ID: 0-970971737
                                                                                                                                                                                                              • Opcode ID: 063d6daf2b06ecd9d6d21c27e0f0a873556e0910a54acae1e69de49ecc2be49f
                                                                                                                                                                                                              • Instruction ID: ff434dc60d39be240ccf55c2810757e8ebc0dbcc500a517c0d23cca9b5791297
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 063d6daf2b06ecd9d6d21c27e0f0a873556e0910a54acae1e69de49ecc2be49f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 54520662B0F6C40FEB7586AC68251296F92EFC5764B1902FBE49CC71FBE814BD01A341
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000001B.00000003.2428045711.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_27_3_7ffd9b4d0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: 6Xp
                                                                                                                                                                                                              • API String ID: 0-702430772
                                                                                                                                                                                                              • Opcode ID: 49bed61a8e31cc96f5689c9a902994bec71507b4f72f501262e206fe61c52065
                                                                                                                                                                                                              • Instruction ID: a49f88bb16e998ae121d018b8d2cd49210d36d24f8e1583d1fa5621fb7cafdfb
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 49bed61a8e31cc96f5689c9a902994bec71507b4f72f501262e206fe61c52065
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 87912A2170E6C94FE766977C98746717FE0EF93328B0902FAE0D9C70A3E9086946C752
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000001B.00000003.2428045711.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_27_3_7ffd9b4d0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 325fa752aa67aac0a1fdc9308a7b6b6d60242568ac88a99548ef0a60867df422
                                                                                                                                                                                                              • Instruction ID: 733467c49129396dae07f788417cc00d866aab4b3892a77cc9583e583e5e6294
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 325fa752aa67aac0a1fdc9308a7b6b6d60242568ac88a99548ef0a60867df422
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1AE15862B0FA890FE7798AAC64291686FD2EF85754B1902FBD48DC72FBDC14BD019341
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000001B.00000003.2428045711.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_27_3_7ffd9b4d0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: H7Xp$P7Xp$X7Xp$x6Xp$x6Xp
                                                                                                                                                                                                              • API String ID: 0-1584447097
                                                                                                                                                                                                              • Opcode ID: e726c60cf1ef3847288a7ee4dc175f7e3a49008cffe6395ec97bf908707b83a8
                                                                                                                                                                                                              • Instruction ID: d0e8f2b997e6b07e1af179436071dee827a7308a4f59c949acfbd228d970cdf4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e726c60cf1ef3847288a7ee4dc175f7e3a49008cffe6395ec97bf908707b83a8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F3B13831B1DA894FD719AB6C94259ED77E1EFC9344B1542BEE04EC72D7CE28B9028381
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000001B.00000003.2428045711.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_27_3_7ffd9b4d0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: 07Xp$87Xp$@7Xp$x6Xp
                                                                                                                                                                                                              • API String ID: 0-3195179031
                                                                                                                                                                                                              • Opcode ID: 1a56041babf19f530383cc2370bcf24bb5d07cbfde16ba6a5411b45c4ef7cf69
                                                                                                                                                                                                              • Instruction ID: 8bc8557ac3349c76e1d5f8a5003dea7bbc0303b72515a4023076e987049e4178
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1a56041babf19f530383cc2370bcf24bb5d07cbfde16ba6a5411b45c4ef7cf69
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 71718621B0EA8A0FE7A9A77844752B97BD2DFC5708F5502BAE44EC72E3CD18BD419701
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000001B.00000003.2428045711.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_27_3_7ffd9b4d0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: 7Xp$(7Xp
                                                                                                                                                                                                              • API String ID: 0-2725002520
                                                                                                                                                                                                              • Opcode ID: bcbbae62914da8cc4fb7cbd41633b9f6b400d42e5fce6c7f9057aeb6b8e33905
                                                                                                                                                                                                              • Instruction ID: fa6c329c86dbf5cee2ae2589634832beeecbb624182c07d9fc11b742b534520e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: bcbbae62914da8cc4fb7cbd41633b9f6b400d42e5fce6c7f9057aeb6b8e33905
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3551B430A19A8E8FD745EF68C8656A97BE1FF8A304B1506E6D409CB2A2CD30FD41C751
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000001B.00000003.2428045711.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_27_3_7ffd9b4d0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: x6Xp
                                                                                                                                                                                                              • API String ID: 0-2370725933
                                                                                                                                                                                                              • Opcode ID: c8b65946d130fa2f5b9d3f77639ea6e5f97057447b06b5c581c17ee89efc55b6
                                                                                                                                                                                                              • Instruction ID: f205ee76c8133a13e576c7e95128ff85093ef4aa774e0d21fc3db4b7a83d334f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c8b65946d130fa2f5b9d3f77639ea6e5f97057447b06b5c581c17ee89efc55b6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C7813811B0FA9A0FE77A9AFC98711A92B91DFC6654B4A43FBD048C71E7DC087D069341
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000001B.00000003.2428045711.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_27_3_7ffd9b4d0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: `7Xp
                                                                                                                                                                                                              • API String ID: 0-421625194
                                                                                                                                                                                                              • Opcode ID: 0207098ad3f3e40197f87bc3c2769ad1134e38dc543b38f195275c0223926245
                                                                                                                                                                                                              • Instruction ID: 81ae97e9a8eb0ed129a7d4cd3747e259bd64bb98d5e588791508986acba1297e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0207098ad3f3e40197f87bc3c2769ad1134e38dc543b38f195275c0223926245
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 78517C22B0E5490FE759BBBCA8665F47BD0EF8522470502FBD49DC70D7DD0868878381
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000001B.00000003.2428045711.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_27_3_7ffd9b4d0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: 6Xp
                                                                                                                                                                                                              • API String ID: 0-702430772
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                              Execution Coverage:29.8%
                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                              Signature Coverage:27.3%
                                                                                                                                                                                                              Total number of Nodes:11
                                                                                                                                                                                                              Total number of Limit Nodes:1

                                                                                                                                                                                                              Callgraph

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              control_flow_graph 387 7ffd9b3f17fa-7ffd9b3f1cd4 SetupDiGetDeviceRegistryPropertyW 394 7ffd9b3f1cdc-7ffd9b3f1d0d 387->394 395 7ffd9b3f1cd6 387->395 395->394
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000001C.00000002.2427818861.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_7ffd9b3f0000_sbdrvmgr.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DevicePropertyRegistrySetup
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3249385096-0
                                                                                                                                                                                                              • Opcode ID: fd48da86a085cc872e9e7b9551ff475ff012f3234f4f6969ec1c14e507d6d002
                                                                                                                                                                                                              • Instruction ID: b27d3c39364f07132d65910bba5ed86d5c5c59d4d3bf2da4e2064e4d9310c6fc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fd48da86a085cc872e9e7b9551ff475ff012f3234f4f6969ec1c14e507d6d002
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1441F471A0DB884FDB59DF98D8556E87BF0EF5A311F0442AFD088D3252CA74A8468781
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000001C.00000002.2427818861.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_7ffd9b3f0000_sbdrvmgr.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 76764e674510ee8ab015eb512006cb322b6fa3037dc865ebc679e315d50b24d2
                                                                                                                                                                                                              • Instruction ID: e4def2f8bd9f076396df8d2158811b5bb27b8f5e7417684632cbf84ed61c84e7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 76764e674510ee8ab015eb512006cb322b6fa3037dc865ebc679e315d50b24d2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 54F10971F0EB894FF779EA6468226B57FE0EF56310F0501BED48DC71A2DA18650A8382
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              control_flow_graph 517 7ffd9b3f1d11-7ffd9b3f1d1d 518 7ffd9b3f1d28-7ffd9b3f1e03 SetupDiGetDeviceRegistryPropertyW 517->518 519 7ffd9b3f1d1f-7ffd9b3f1d27 517->519 523 7ffd9b3f1e0b-7ffd9b3f1e3a 518->523 524 7ffd9b3f1e05 518->524 519->518 524->523
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000001C.00000002.2427818861.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_7ffd9b3f0000_sbdrvmgr.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DevicePropertyRegistrySetup
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3249385096-0
                                                                                                                                                                                                              • Opcode ID: 73aabaf8cb357565dffd4aad5cf5fc9d7696bada41aaeb21407aaf35faf4a4df
                                                                                                                                                                                                              • Instruction ID: 05680d3dcb8aefca713500b6c668c3a978faf1f48ca6e669cfc7c4560ffcef3e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 73aabaf8cb357565dffd4aad5cf5fc9d7696bada41aaeb21407aaf35faf4a4df
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FF41C531A0CA5C9FDB58DF58D845AE9BBE0FF59321F04426FE049D3692CB74A845CB81
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              control_flow_graph 526 7ffd9b3f1e3d-7ffd9b3f1e49 527 7ffd9b3f1e4b-7ffd9b3f1e53 526->527 528 7ffd9b3f1e54-7ffd9b3f1ee2 SetupDiDestroyDeviceInfoList 526->528 527->528 532 7ffd9b3f1eea-7ffd9b3f1f18 528->532 533 7ffd9b3f1ee4 528->533 533->532
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000001C.00000002.2427818861.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_28_2_7ffd9b3f0000_sbdrvmgr.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DestroyDeviceInfoListSetup
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 271767589-0
                                                                                                                                                                                                              • Opcode ID: fda7b8dc0e088ca9a9f8ce6563ebbcc0a34f85d07eaed655baece3c6a823a7e5
                                                                                                                                                                                                              • Instruction ID: a0ac9d46d2ae9d4cfbfdfd91fc5a1f3d8c83f3aaa106ddcc5c980ff603d64bb1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fda7b8dc0e088ca9a9f8ce6563ebbcc0a34f85d07eaed655baece3c6a823a7e5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D5310731A0CA4C8FDB18DB98D855BF9BBE1FF65320F04426ED049C3592CB74A855CB81
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000020.00000003.2476294363.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_32_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: 2D_I
                                                                                                                                                                                                              • API String ID: 0-1054241413
                                                                                                                                                                                                              • Opcode ID: 8298fc50e834460a2896b70acda25e0f89961973513b37f09c87d15ffc8c2c8a
                                                                                                                                                                                                              • Instruction ID: 7bc04b5002c7632bf49892dec30981ae74b0b5091b1981e72969562337d23191
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8298fc50e834460a2896b70acda25e0f89961973513b37f09c87d15ffc8c2c8a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 67526B63B0FAC51FE73586AC58251787B92EF86B64B1901FBD089C71FBE854AD01E342
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000020.00000003.2476294363.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_32_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000020.00000003.2476294363.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_32_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 1be05d8064c4405805ae7a022933331f6cf003972da2bfcac4552d752c2bc735
                                                                                                                                                                                                              • Instruction ID: 58acff0ecf78a68cd0ca76f84fba7bd68072cdf2005b4494f761ef1e50b40485
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1be05d8064c4405805ae7a022933331f6cf003972da2bfcac4552d752c2bc735
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 92516D13F0E54A0BD7597BFC68665F57BD0EF42228B0902B7D499C70D7DD0969874382
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000020.00000003.2476294363.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_32_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: b9d810f91cadcfd0c0adff2227b2cc3c5fca9e5cc7ba8728115a0eb642bbba68
                                                                                                                                                                                                              • Instruction ID: fac0fb10b3feae57626bfede748fb7cef97b80c00c6b73d2e8a4de0525688a5b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b9d810f91cadcfd0c0adff2227b2cc3c5fca9e5cc7ba8728115a0eb642bbba68
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C0413711E0FB8A1FF7AA977848756A43FA1DF56A54B0601FBC048CB1E7ED4C5D4A8342
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000020.00000003.2476294363.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_32_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 9ef00e0ab9a5dec189a320716cecaeee29f113940ec838ffb85637b0a6999d97
                                                                                                                                                                                                              • Instruction ID: e6226aecdba94871fb1ba09db7364266fcb47ba168d4f345c29340bb98ec336d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9ef00e0ab9a5dec189a320716cecaeee29f113940ec838ffb85637b0a6999d97
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 78413712B0EB4A0FE7A5A67C14692B527D1DF89A64F2A01B6D04DC72E3EC189D059341
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000020.00000003.2476294363.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_32_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 92a0d3aaed17cc176f48ff47ace37e1611b8fb3bc323745b2619a9242556e431
                                                                                                                                                                                                              • Instruction ID: fbbe0e52070f2730414d4ea3795a568600949b39f13d696af102346d16c510ae
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 92a0d3aaed17cc176f48ff47ace37e1611b8fb3bc323745b2619a9242556e431
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5E41E33091E7C95FDB2A9BA958646F57FA0EF13329F0801BFD099C21A3CA582416C746
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000020.00000003.2476294363.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_32_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: f9edc77e90bfb361f3ed3a809e0970d3b77e8d230e317a6590e9255d634b1134
                                                                                                                                                                                                              • Instruction ID: 81b85b26f5797fb343d053423e2e7a0305e9ba76f68d4406fa914ff0394e49ee
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f9edc77e90bfb361f3ed3a809e0970d3b77e8d230e317a6590e9255d634b1134
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 37310631F0960C4FDB68EBACC861AE97BB1EF99710B0501AAE009D32A2CD24AD41D790
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000020.00000003.2476294363.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_32_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 3bc5ad3d9fa33d2b5e715293540d05f793c5be10300c9da686167455d923cd13
                                                                                                                                                                                                              • Instruction ID: 59eccd937790edccd76836dff0c7475571d538daf450bfd9d69e1ca0d2cef334
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3bc5ad3d9fa33d2b5e715293540d05f793c5be10300c9da686167455d923cd13
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D3319130F0951C4FDB68EBACD8A1AF977A1EFA9714F050169E009D32A2CE24AD51DB90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000020.00000003.2476294363.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_32_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: f3806c8a42dee169c0dfadb9a06870ba6249b648c65239ed1effc851e4def48e
                                                                                                                                                                                                              • Instruction ID: 68b1133ea6a6f7e044d27875454af783d97870ed1c5fc6300c213e6072618c90
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f3806c8a42dee169c0dfadb9a06870ba6249b648c65239ed1effc851e4def48e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7DF01D11B5AC5E06F37621E816A62B961C1AB4AA2CFA60635D83DC62F2DC08AA522552
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000020.00000003.2476294363.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_32_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 843ca15e0b6a6fcbe34da0472be4ec8dd96c69c7cdd7e77a3370352db1732d6f
                                                                                                                                                                                                              • Instruction ID: ce29690181bc40ba556dd47cc2fa9ed2d034d1fea45520450aa182d9363325a1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 843ca15e0b6a6fcbe34da0472be4ec8dd96c69c7cdd7e77a3370352db1732d6f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7BF0C21065E6C98FD763A77C5870AA13FA49F07218B1900E7E0D8CA0A7D9485D45C362
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000020.00000003.2476294363.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_32_3_7ffd9b490000_rundll32.jbxd
Memory Dump Source
• Source File: 00000021.00000002.2471937893.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_33_2_de0000_DefMic.jbxd

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000021.00000002.2471937893.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_33_2_de0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 204f97e2fe415a6b3a70521c17d42f576f10dade1719f72c6b278604b6cd1332
                                                                                                                                                                                                              • Instruction ID: 69209eb55a09315b366cd6e36b8f243f3ad165154cc040f9bc74558a5d54e663
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 204f97e2fe415a6b3a70521c17d42f576f10dade1719f72c6b278604b6cd1332
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3A21C72324C7C40FC312B37DA8A02A9BF92CFC1354F1A45ABD0858B2B7DA548C89C762
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000021.00000002.2471937893.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_33_2_de0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 5532a7d0d8448c8f9cb69f80bdbecaeb94e0fd84239e606c501b0146a268be1a
                                                                                                                                                                                                              • Instruction ID: c59abc0a3f086221cdc780e253413aace21b74ee01e8c293f17ea583c40978b5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5532a7d0d8448c8f9cb69f80bdbecaeb94e0fd84239e606c501b0146a268be1a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 584104B1D003598ACB10DFEAC544ADEFBB5AF48304F20811AE419BB254D774AA49CF90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000021.00000002.2471937893.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_33_2_de0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: c85beecdd52e442e063872dbf6943f8935cdd68b1f4b872801ba58b159ed4e11
                                                                                                                                                                                                              • Instruction ID: 85aec9e68924930c68494a33eda60001d0ea278f3008765f6056db86a3f98bb2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c85beecdd52e442e063872dbf6943f8935cdd68b1f4b872801ba58b159ed4e11
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D7318136E1160AAADB00EFB9D8905DEF7B2FF95300F11C66AE544A7220FB30E595C790
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000021.00000002.2471937893.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_33_2_de0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 7a14ab9b4a9efc25fe59d2e64e281becac7862f09cc4208ac0a8adc72ce68fab
                                                                                                                                                                                                              • Instruction ID: 2b494b17219e5ea0a9bc42a1e44427f297c1bbf73f6642d64eabec469f9de4e5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7a14ab9b4a9efc25fe59d2e64e281becac7862f09cc4208ac0a8adc72ce68fab
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7341D2B1D003599ACB10DFEAC944ADEFBB9BF48304F20852AD419BB254D7756A49CFA0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000021.00000002.2471937893.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_33_2_de0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: db253668fbe02833ec1baab4d5f93df4820e16b83fcd130ed3b12d0ea2b52d81
                                                                                                                                                                                                              • Instruction ID: 9dae17c12f001ee4efc64af17fe6182565507498b6a484e4dc4839207d40bd47
                                                                                                                                                                                                              • Opcode Fuzzy Hash: db253668fbe02833ec1baab4d5f93df4820e16b83fcd130ed3b12d0ea2b52d81
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 924115B1E00288DFCB14DFAAC955BDEBBF5AF48304F14802AE414BB260DB745945CFA0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000021.00000002.2471937893.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_33_2_de0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 942e50ce7ba1b55c699a8dc5022673dd1eac94ab7d4e6b96e74ad14742bf48d9
                                                                                                                                                                                                              • Instruction ID: 69639ee33e51d2caadbce39f878e59d5d23ccb395d7d0922a0d99d0baa57c4d1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 942e50ce7ba1b55c699a8dc5022673dd1eac94ab7d4e6b96e74ad14742bf48d9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 034138B1E012489FCB14DFAAC595BEEBFF5AF48304F24802AE415BB251DB745945CF60
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000021.00000002.2471937893.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_33_2_de0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 2a71e530985c7023b0feb8d6238dcef4e1383d499cd7a9c688e7e72eb8ff604f
                                                                                                                                                                                                              • Instruction ID: 1b005baed57b48f50eca6f9a4671ff15619888421981a563fa7c72fac675b35e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2a71e530985c7023b0feb8d6238dcef4e1383d499cd7a9c688e7e72eb8ff604f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 103106B1E00248DFCB14DFAAC955BDEBBF5AF48304F24802AE414BB250CB745945CFA4
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000021.00000002.2471937893.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_33_2_de0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 7db2ef2ad80a72ab76cae28cca3dd45125a26334bf9ef3461534ed19a9d1a029
                                                                                                                                                                                                              • Instruction ID: 5b4443a7622d3a5ece1a714d7b819784a8f70fa77f0f8d6d0d11950e29512f70
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7db2ef2ad80a72ab76cae28cca3dd45125a26334bf9ef3461534ed19a9d1a029
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A33117B1E01258DFCB14DFAAC594BDEBBF5AF48304F14802AE415AB250DB745945CFA0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000021.00000002.2471937893.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_33_2_de0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 58e9a25cedac69caff2d9d8b262e7815937434fcd9625248a15308b4564a265c
                                                                                                                                                                                                              • Instruction ID: a1f541705c5badad38c0ddfbe9ad7c3721c86bc59f94bd6e57e96dde5c40a6c9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 58e9a25cedac69caff2d9d8b262e7815937434fcd9625248a15308b4564a265c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6531E4B1D002989FCB24DFAAD894BDEBFF5AF48314F24812AE419AB250C7755845CFA0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000021.00000002.2471937893.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_33_2_de0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: ea485e4644200261e68ebd218c2a07901980e2eaa12b289adab03e2362000d0c
                                                                                                                                                                                                              • Instruction ID: 95b8d8dc776d7acb0602257ee5c9e69fe2bf209510007860294d32e3b006ab51
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ea485e4644200261e68ebd218c2a07901980e2eaa12b289adab03e2362000d0c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7531D6B1D002989FCB24DF9AC884BDEBFF5AF48314F24802AE419AB250C7755945CBA0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000021.00000002.2471937893.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_33_2_de0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 9e04a1fc5b8583a22d6c149e2ce8198fbadf02c72a42f2d850cbc134dfd045ce
                                                                                                                                                                                                              • Instruction ID: 9818872ed55ac070b08ef32afeb7c6958e911f34bb5c0dbbca7c1832a67c3ca8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9e04a1fc5b8583a22d6c149e2ce8198fbadf02c72a42f2d850cbc134dfd045ce
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FF21F631A043854FCB16B77588102AE7F726FC9708F09446EC8499B39AEB79CC46CB92
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000021.00000002.2471937893.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_33_2_de0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: fd95fe65bc2d985b3513ba4c78f9c394bba39663d019097567b93bffded97ed0
                                                                                                                                                                                                              • Instruction ID: 0d9eee348995d80174b117751037d31f70c678fe4736344ec2672e46a94a3953
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fd95fe65bc2d985b3513ba4c78f9c394bba39663d019097567b93bffded97ed0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B631E2B1D002989FCB10DFAAD594BDEBFF4AF48314F24802AE459FB250CB755885CBA4
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000021.00000002.2471937893.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_33_2_de0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: ef5aa4fd56751d47d9d9129e179d81728dd0de35d2d155e553f444864ae37f8d
                                                                                                                                                                                                              • Instruction ID: e9cf850e0c5cee02505a2f27a8d8d8445590b6c3387523fa0aabeeade19f35ac
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ef5aa4fd56751d47d9d9129e179d81728dd0de35d2d155e553f444864ae37f8d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D021C3B1D002589FCB14DFAAD484BDEFFF8AF48314F24802AE419AB250CB755845CBA0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000021.00000002.2471937893.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_33_2_de0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: f28fc4232d8d97bcac91ca50aebe4381a89edf232a9729d104bab7989d264fd8
                                                                                                                                                                                                              • Instruction ID: 66cc68355daebe4e1b6d880e2ec8343c2e3a47ab93d21ea213a942dd3009c67d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f28fc4232d8d97bcac91ca50aebe4381a89edf232a9729d104bab7989d264fd8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 38F06575B05108AFCB00DFB4D950EAEBBE6DB54308B41C5A9E505DB251E931CA06DB90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000021.00000002.2471937893.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_33_2_de0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 67bc04a4d092256019087fe4f1a1f93d32b60883b978b394597f20b87c83dcf8
                                                                                                                                                                                                              • Instruction ID: a24c5dbbdd4f0c28a698da5b16e143bdaa8e9478f8b6f6bd3949c6fdf25f2503
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 67bc04a4d092256019087fe4f1a1f93d32b60883b978b394597f20b87c83dcf8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 64E0ED75B01109AFCB00DFB89A51A6A7BA6CB81308B06C0ED9009EB261EE30CA06A750
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000021.00000002.2471937893.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_33_2_de0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 550c57842a3503bdbdeee00040e55229d24065705ee6aba81dfe4f432b381c58
                                                                                                                                                                                                              • Instruction ID: 20d2a01a06093158abcacb18390e1b80a04f9127a56b8ff4779bc8037f6db652
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 550c57842a3503bdbdeee00040e55229d24065705ee6aba81dfe4f432b381c58
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CDF0F834901208EFCB40FFB8E94559CBBF1EB48300F5085B9D419A7364EA306F44DB41
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000021.00000002.2471937893.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_33_2_de0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: f3d3428269eeec919285a2e266b35c76cf1a0527d06dc3afb1345dadd2162240
                                                                                                                                                                                                              • Instruction ID: 3f7794e21fe223dfe2debf32648854c8fe41c012ad25e11d80876ebdaf00bfef
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f3d3428269eeec919285a2e266b35c76cf1a0527d06dc3afb1345dadd2162240
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 61E01A31B0120DABCB04EFB5CA51D6EBBEADB84304740C5A9E5099B264EA31DA059BA0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000021.00000002.2471937893.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_33_2_de0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 3c04d5d06116c8afd29a5a8b43d77ad2f1a461742b17c1cdea2240528da3e901
                                                                                                                                                                                                              • Instruction ID: 50242ad1d57f6e01907aa7cc2ff0c0dbf54e69bfe9e2a6c588ae6ad1ef792320
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3c04d5d06116c8afd29a5a8b43d77ad2f1a461742b17c1cdea2240528da3e901
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 02D02E27708A800BC300B37CA050398ABC2EFC0310F4242BAE004972ADDFA4CC41CBE1
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000021.00000002.2471937893.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_33_2_de0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: f5fa17b25e057c8344c597e1cbe36271639bdb4cb949723cd363b36c33255481
                                                                                                                                                                                                              • Instruction ID: 87c8e40968a1f363ee44df559db0632b542f0e63f6921ce96b897c81d3f793a2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f5fa17b25e057c8344c597e1cbe36271639bdb4cb949723cd363b36c33255481
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5ED09E35740259CFCF00EFA8D5445DC77B0EF88715F000069E109DB270D7759855CB61
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000023.00000002.2475968434.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_35_2_7ffd9b3f0000_sbdrvmgr.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 19eb1d2d8ae86251737204513772cfb1cf4ce5b4c3db541182e7d4d39b8ed154
                                                                                                                                                                                                              • Instruction ID: e8dfdd700310d774e935df06d6313a38677c058c196b6487645e864857f10390
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 19eb1d2d8ae86251737204513772cfb1cf4ce5b4c3db541182e7d4d39b8ed154
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 40420331B0EA894FF366EB6C94616257FA1EF46380F5540FEC44CCB2EBCD29A9458342
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000023.00000002.2475968434.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_35_2_7ffd9b3f0000_sbdrvmgr.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: <N_I$=N_I$?N_I
                                                                                                                                                                                                              • API String ID: 0-2015509518
                                                                                                                                                                                                              • Opcode ID: 01483f1ce5b02438c5425164890f8d077a94d3706c46eb6db3c73b65fc816610
                                                                                                                                                                                                              • Instruction ID: e2f466db791276dd9fbe61c1466a2f6da7c5322ee7bf375e6a1ca98c8c282d56
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 01483f1ce5b02438c5425164890f8d077a94d3706c46eb6db3c73b65fc816610
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 10900201519092059605367420394E45F215F02114A0886E1D0DD0D0C7484420C18144
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000023.00000002.2475968434.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_35_2_7ffd9b3f0000_sbdrvmgr.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 27025687245a91731d06522baf4f3e27305c94cf130acc9d4701cfbbb67a863d
                                                                                                                                                                                                              • Instruction ID: 9896bce37960193b7d2700fe5ff54e70556e2339318b0d74e412e164965c0702
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 27025687245a91731d06522baf4f3e27305c94cf130acc9d4701cfbbb67a863d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AB71B553B0FEC60BF37695DC3CB12246F91EB826A0B4901FFD4C8861FBE8599A058391
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000023.00000002.2475968434.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_35_2_7ffd9b3f0000_sbdrvmgr.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 8fd3c692a9f919da6ef1d4338de947b73eb3b4b9c4a134c927d87efd8a1b242c
                                                                                                                                                                                                              • Instruction ID: b8ecd6a1204ae94baa5773326f958ed67dc425e5957b56c8af13130342e21ee1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8fd3c692a9f919da6ef1d4338de947b73eb3b4b9c4a134c927d87efd8a1b242c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6321B631A0DA0C9FEB18EBA8D855AE9BBE0FF55320F00422FD049D3652DB756846CB81
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000025.00000003.2538052405.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_37_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: 2B_I
                                                                                                                                                                                                              • API String ID: 0-979045943
                                                                                                                                                                                                              • Opcode ID: 6553c930e32dab106c2e8301de4c307b9c7e5050c9babac28285b20d84268cbf
                                                                                                                                                                                                              • Instruction ID: 792ecafb885ac845bd7a42b00d673853ada46e49f17223ff3b125f99827d7693
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6553c930e32dab106c2e8301de4c307b9c7e5050c9babac28285b20d84268cbf
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9B2206A3B1F6D50FEB3595AC186817D6B92EBD236471940FBD0C8870FBE814AE06E741
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000025.00000003.2538052405.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_37_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 6e20ef950d298c2c63d2db9b4958a2aab8da5a06a7b824c6e0e72f8e1da4a3cd
                                                                                                                                                                                                              • Instruction ID: 56215eed3e172934cb41051fde28777980ba5fb663ac3a2e6d540993b2da230a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6e20ef950d298c2c63d2db9b4958a2aab8da5a06a7b824c6e0e72f8e1da4a3cd
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B4D16562B1FAC90FE77996AC146917C6B92EF89224B1900FBD088871EBEC14AD06D741
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000025.00000003.2538052405.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_37_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: a301a42d61cf6633c123d4307c37f55019a8e344b372305190acac11b46b301d
                                                                                                                                                                                                              • Instruction ID: d77ef9c4b44b07dad0587e6f7a5dff5e4e2c47a68cc61d70837f25fdd5caf060
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a301a42d61cf6633c123d4307c37f55019a8e344b372305190acac11b46b301d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 14916B2160E6D90FE766977D58746757FE0EF53328B0901FBD1D8C70A3E908A846CB42
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000025.00000003.2538052405.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_37_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%


                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000025.00000003.2538052405.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_37_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: f14fdccdeb1b91b64197b96a4158ca94c38593c210c95f9a2cf1cbefce8e943f
                                                                                                                                                                                                              • Instruction ID: 5fd56e2cdba77fee29d982ccd8e4105f27dfa6289c23d63f15cb53f4bdc19382
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f14fdccdeb1b91b64197b96a4158ca94c38593c210c95f9a2cf1cbefce8e943f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 11F06211B1AC7E05F27611EA16652BD2185AB4522CFA60536DA2DC61F2DC08EA522D51
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000025.00000003.2538052405.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_37_3_7ffd9b4b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: c176c493c913130632a958d06bd99830177f7ebe8e1f3a7ff2efe9b86cb88668
                                                                                                                                                                                                              • Instruction ID: 482f06afbf8c7f7d01d337c2106e2a8d71e3c13c79eb3284e2e96b3e8398fbe8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c176c493c913130632a958d06bd99830177f7ebe8e1f3a7ff2efe9b86cb88668
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CCE07D3260F94C5BCB10EA9A7C604CA3F98FF8D318B01012AF48CC3251E2125511C755
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000027.00000003.2564405934.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: 2C_I$;4C_^
                                                                                                                                                                                                              • API String ID: 0-961891710
                                                                                                                                                                                                              • Opcode ID: 71c5f3511b10259fb06451523b7e3c2cffa33e89807f0f78758a4a23aff878ec
                                                                                                                                                                                                              • Instruction ID: 9ef99d2599265bcfb78c8363983d65c18617f00914a069254606b863b5b21e5b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 71c5f3511b10259fb06451523b7e3c2cffa33e89807f0f78758a4a23aff878ec
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 18524D63B0F6C44FFB754AAC58651786B92EF963A4B1901FBD098C71FBE814AE01E341
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000027.00000003.2564405934.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: ;4C_^
                                                                                                                                                                                                              • API String ID: 0-623853526
                                                                                                                                                                                                              • Opcode ID: d7df4e10d89ed5524734df105aa8bfe1120aeaad94d4e99c4a665ff988379ff8
                                                                                                                                                                                                              • Instruction ID: fefdcdfc15ed2f309cfcff84e01f1d9b1eb41a9c7f1d1c8359259aecd4ebfdf8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d7df4e10d89ed5524734df105aa8bfe1120aeaad94d4e99c4a665ff988379ff8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9CD16B62B0F6C90FE77946AC18691786B92EF9A268B0901FBD099C71FBEC14AD01D341
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000027.00000003.2564405934.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: ecf02ee2b027981af4bce452a6e95573006699eda1c3b8804a7c52f8fe1da870
                                                                                                                                                                                                              • Instruction ID: b76a7aed42f70e64dcedef4c6ff97314348d6a8789ffd304c61aaefaadaab6fc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ecf02ee2b027981af4bce452a6e95573006699eda1c3b8804a7c52f8fe1da870
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9E91372160E6C94FE7A6977C98746717FE0EF53328B0A01FED0D9C70A3E908A946C742
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000027.00000003.2564405934.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: ,
                                                                                                                                                                                                              • API String ID: 0-3772416878
                                                                                                                                                                                                              • Opcode ID: 6dcecf2e7b46bc374aebdd3f5deb3cc92d1d1b687833b23ec865c347fc84cd11
                                                                                                                                                                                                              • Instruction ID: dc606a4edf2b3d8ea8e48d20c0b3bab7a51c67d3a1203fb42ce0fdab25da3b84
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6dcecf2e7b46bc374aebdd3f5deb3cc92d1d1b687833b23ec865c347fc84cd11
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CCD1C470E09A4D4FDB59DF68C8646A97BA2EF99344F1100BAD00DCB2E6DE35AD42DB40
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000027.00000003.2564405934.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: b703148a119b520a34c43e7570ff7842a337e04c37c976083f3303c03267c33a
                                                                                                                                                                                                              • Instruction ID: d7bae77a50f1a89cc19ebb483ddee6b4764137328684ae01ca57e5af236fc789
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b703148a119b520a34c43e7570ff7842a337e04c37c976083f3303c03267c33a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DF321270F19A4D4FE769EB288864AB977E2EF99304F1100B9D44ECB2F6DE34A9418741
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000027.00000003.2564405934.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: a6f6c4f7598da9a11dfafa780941f7dda006e1938e614026361578faba2cc6a2
                                                                                                                                                                                                              • Instruction ID: 1703f40610be2fb28ea83431325fc24233a0955c6572fb1ae61ea1b205a54bb1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a6f6c4f7598da9a11dfafa780941f7dda006e1938e614026361578faba2cc6a2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A6E12971B1DA4D4FE75DAB2894355B977D2EF95304F0601BEE00EC72E3DE24A9029381
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000027.00000003.2564405934.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 76bc40436e410b4fca1627866cd1bb985a9c1b8576eb8bb57d18441e8a7b0f4c
                                                                                                                                                                                                              • Instruction ID: 8471041be8e8cb4ff666ec303b3727a82e22c4ff2023b442974de7147d311655
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 76bc40436e410b4fca1627866cd1bb985a9c1b8576eb8bb57d18441e8a7b0f4c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FAE11831B1DA4D4FE75DAB2894355B977E2EF95304F0501BEE00ECB2E7DE28A9029381
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000027.00000003.2564405934.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 9efa35a313254b95f7ca7f72f193e139631d7eff42fd6682800692210c1bff69
                                                                                                                                                                                                              • Instruction ID: 810cd51b16a145d52cb50caa5453930555858b4010c29ceb9374e3bff412d1d6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9efa35a313254b95f7ca7f72f193e139631d7eff42fd6682800692210c1bff69
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E3E13731B1DA4D4FE75DAB2884255B977D2EF99304F1501BEE00ECB2E7DE34AA029781
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000027.00000003.2564405934.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: c5a410c4c95c8346518d095e78c6001c8dc47c84f3dcdfb1014b76f2305af5ea
                                                                                                                                                                                                              • Instruction ID: ea1e3fcd63ce19dd59f2c00f520c53e34fca32c857ec22c96a819b918f1429cd
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c5a410c4c95c8346518d095e78c6001c8dc47c84f3dcdfb1014b76f2305af5ea
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FBA14721F0E65E0FE76966B858361F97B91DF8A364F0501BAE40EC72E3EC1C6D025781
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000027.00000003.2564405934.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: fde2865b9a77f71c7dd1d4f5d855c103f6eb0e32c51629959b250d640384386c
                                                                                                                                                                                                              • Instruction ID: f03ef35017c6d31995b7eb32571cf8a7cf0cda2c99e8a3f7d3d020d13d0f8e50
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fde2865b9a77f71c7dd1d4f5d855c103f6eb0e32c51629959b250d640384386c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D581D670F09A8D4FE759DF6888605A977E1EF9A744B1601BAD40CCB2F2CD35AE428781
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000027.00000003.2564405934.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: f96eed56a75f63d9beefc648771330190e5a88b8e7c2cfbf9fa14dca5c5fcfb4
                                                                                                                                                                                                              • Instruction ID: 5a179bdb458f2e7b381adba2ae52f84aecf4d950bc1d399284ef7606faebbb00
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f96eed56a75f63d9beefc648771330190e5a88b8e7c2cfbf9fa14dca5c5fcfb4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 22613422B0FA9E0FE7BA9AF859751A92A91DF89654B0A41BBC04CC71F7DC0869066341
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000027.00000003.2564405934.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 24a5790a3d6a73876b03d853b0d1ef299facf6dcff4766b385a721cd0faed613
                                                                                                                                                                                                              • Instruction ID: 78a43265afd3527bc3a469540b553a6b3a6e9969c41a934805a0dadccf6973fe
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 24a5790a3d6a73876b03d853b0d1ef299facf6dcff4766b385a721cd0faed613
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3F61C570F09A4D4FEB59EF6888605A9B7E2EF99744F1105BAD40DCB2F6CD35AD028780
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000027.00000003.2564405934.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 5303bc5d85597eab5d51f3bf36d5b43226d7e28ba72abbf7a64a7ba61ba31ad9
                                                                                                                                                                                                              • Instruction ID: 9beb2d51f9218a2291a24d7b3f206cfd5b4a5b682f415d99f867681ce58b321d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5303bc5d85597eab5d51f3bf36d5b43226d7e28ba72abbf7a64a7ba61ba31ad9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7851A030B19A0C8FEB94EF6CD858AE977E1FF59315F0501BAE40DD72A2DE35A9418B40
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000027.00000003.2564405934.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 71515f867b57dde1aab1e1d6f4128f1f601e5a6ab51a654ca0c451e7f0dc386b
                                                                                                                                                                                                              • Instruction ID: ad732d6e6ae11d6ad123b0049391de6724d77d5a5584af144f6f0307d8cb2292
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 71515f867b57dde1aab1e1d6f4128f1f601e5a6ab51a654ca0c451e7f0dc386b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0B518A23B0E94A0FE759B6BC98765F5B7D1EF8622870902BBC49DC71E7DC0828475381
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000027.00000003.2564405934.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 688ed2a75985d5d8bcfead5bbc1fad34e8bb5906fe7e2cde2550a107e4777208
                                                                                                                                                                                                              • Instruction ID: b91b13a79cd99005a4e5908bd9e79ec6102a9ca140ceaa56678894700d4d5897
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 688ed2a75985d5d8bcfead5bbc1fad34e8bb5906fe7e2cde2550a107e4777208
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0D510110B1EA4E0BE7A8A67C54B56BD66D2EFC8354F1146BEE00EC72E7DC1CA9416381
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000027.00000003.2564405934.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                              • Opcode ID: 2446918ec9cac95c430347b5081f4d7470834a0e4279c98e94ac3e328d0e1690
                                                                                                                                                                                                              • Instruction ID: c6f732601112de24a3c9b0b7cdf04e35921bc527bed2a5d9a7feda02d8390d19
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2446918ec9cac95c430347b5081f4d7470834a0e4279c98e94ac3e328d0e1690
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C5513751B0FACA0FE7AA92B808342B52BE1DF96354F0501FBE09CC71E3DC485D469382
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000027.00000003.2564405934.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: a57342c4fd72a27edd156ac4576eba21e0ab2a3a02e4d779d812736f28a3143e
                                                                                                                                                                                                              • Instruction ID: ee9659cd786e36739056732b976d63d2b9640d46f7698ecad246bd0ad82bd798
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a57342c4fd72a27edd156ac4576eba21e0ab2a3a02e4d779d812736f28a3143e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 40410411E1FB9A0FE7AA976848756A53BA1EF57254B0601FBC058CB1F3EC4C6D4AC342
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000027.00000003.2564405934.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: a3d36f32815da33b95fb13657391309a10c7ebed53681f96b8af91c823c02e0b
                                                                                                                                                                                                              • Instruction ID: dfd7971588b019ae38a20d29bef24bec549c49a9de013a27160e949bcc0e50ef
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a3d36f32815da33b95fb13657391309a10c7ebed53681f96b8af91c823c02e0b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CE41E230A1E7C94FDB2A9BA958646F57FA0EF13329F0801BFD099C31A3CA582516C746
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000027.00000003.2564405934.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: f70407628249d6985ce5cb12fa3d485ff7846a103864cecfc12707ccddc4ab87
                                                                                                                                                                                                              • Instruction ID: 0ebd1124c3b4761d6ed3fa88d8fa89cd4f4bf1c6602a7f8d597ac6dbaf57d45c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f70407628249d6985ce5cb12fa3d485ff7846a103864cecfc12707ccddc4ab87
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C041E471B1DA494FE75DEB6894215BC77A1EF98308B1500BED00DCB2E7DE39EA028780
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000027.00000003.2564405934.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 7a36f732841879e82d617c238196c430cba7036381c397f12187912fcebc8396
                                                                                                                                                                                                              • Instruction ID: 2c7f741126358a67e2193f44564bbaa56bffc21d0ea325b5a0f1a3f9a8f5934e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7a36f732841879e82d617c238196c430cba7036381c397f12187912fcebc8396
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1031C831F09A1C4FEB58EBA8C8659E97BF1EF99314F0501BAE009D72A2DD24BD00D791
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000027.00000003.2564405934.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 8b27c5edd826dc74324500d986898e9d07b4cff4ff95edd7790b0873d394150c
                                                                                                                                                                                                              • Instruction ID: 2564786eb7c587eb064aeaf08bac6708ce357de01c589bd906c1c355eafd46df
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8b27c5edd826dc74324500d986898e9d07b4cff4ff95edd7790b0873d394150c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EF31A431F0991C4FEB58EBA8C865AE977E1EF99314F05017AE009E72A2DE24AD01D791
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000027.00000003.2564405934.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: b129a51b2fd97b5413520306c26ea650944d1a67430adaba8a7a52131409371a
                                                                                                                                                                                                              • Instruction ID: 5a3f25c71ab301c1288aaabe95ba6484338cdb719a6b47504a352b4bcec17a25
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b129a51b2fd97b5413520306c26ea650944d1a67430adaba8a7a52131409371a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CF11E511B0F78E0FE7A653BC68651A53FE19F8A660F1A40FBD488CB1F3E9184D469342
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000027.00000003.2564405934.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 8b118ac562ba7ea8ea8e21d8169ec9cddb0a66962afdf1fb8beca13859a9c242
                                                                                                                                                                                                              • Instruction ID: c778aaf9abc2bfdf7194799cc3b7e69709224d302518a31b1bec4b19812a31c6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8b118ac562ba7ea8ea8e21d8169ec9cddb0a66962afdf1fb8beca13859a9c242
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EA0184B1B1A94E8FE759EF58C9605E57B92EF85344F0604B1D40CCB2F2D935A9119B00
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000027.00000003.2564405934.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: c4eb5b037d005cfba5ffc17e28905dc2be56e375ca04487e946a14fcc2a15dac
                                                                                                                                                                                                              • Instruction ID: 9a6a08a2552181a85fea020d49b29a2afe2d967a6c42b9c07663a410f5765331
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c4eb5b037d005cfba5ffc17e28905dc2be56e375ca04487e946a14fcc2a15dac
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9D01D83150E6C24FD72797789CB1A647FA0DF07214B0E02EAD094CB5F7D95DA846C352
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000027.00000003.2564405934.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000027.00000003.2564405934.00007FFD9B4A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4A0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_39_3_7ffd9b4a0000_rundll32.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000028.00000002.2551913698.0000000001450000.00000040.00000800.00020000.00000000.sdmp, Offset: 01450000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_40_2_1450000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: $^q$$^q
                                                                                                                                                                                                              • API String ID: 0-355816377
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000028.00000002.2551913698.0000000001450000.00000040.00000800.00020000.00000000.sdmp, Offset: 01450000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_40_2_1450000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: $^q
                                                                                                                                                                                                              • API String ID: 0-388095546
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000028.00000002.2551913698.0000000001450000.00000040.00000800.00020000.00000000.sdmp, Offset: 01450000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_40_2_1450000_DefMic.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000028.00000002.2551913698.0000000001450000.00000040.00000800.00020000.00000000.sdmp, Offset: 01450000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_40_2_1450000_DefMic.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000028.00000002.2551913698.0000000001450000.00000040.00000800.00020000.00000000.sdmp, Offset: 01450000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_40_2_1450000_DefMic.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000028.00000002.2551913698.0000000001450000.00000040.00000800.00020000.00000000.sdmp, Offset: 01450000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_40_2_1450000_DefMic.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000028.00000002.2551913698.0000000001450000.00000040.00000800.00020000.00000000.sdmp, Offset: 01450000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_40_2_1450000_DefMic.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000028.00000002.2551913698.0000000001450000.00000040.00000800.00020000.00000000.sdmp, Offset: 01450000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_40_2_1450000_DefMic.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000028.00000002.2551913698.0000000001450000.00000040.00000800.00020000.00000000.sdmp, Offset: 01450000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_40_2_1450000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 6795b4daa358c4bc725d01064658b8149b53c2a512873a94e04ac55cb8102f65
                                                                                                                                                                                                              • Instruction ID: 86a926313ce133790f26ae40f5fbc79cf9ff58274dc9782dae67e9d21ae954e6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6795b4daa358c4bc725d01064658b8149b53c2a512873a94e04ac55cb8102f65
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E83103B1D00248DFDB24DFA9C584BDEFFF5AF48710F24812AE818AB250C7756986CB90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000028.00000002.2551913698.0000000001450000.00000040.00000800.00020000.00000000.sdmp, Offset: 01450000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_40_2_1450000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 7a059b8e4f6ce652e7b69f461197c708176d70d861c23deeb189bf8bf5ccb8b6
                                                                                                                                                                                                              • Instruction ID: 07c95f09b36c1a4139d0535d3101762ff5d0d13b027c5cc1b7f7abd90945d823
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7a059b8e4f6ce652e7b69f461197c708176d70d861c23deeb189bf8bf5ccb8b6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C31D4B1D00258DFDB64DFAAC484BDEFFF5AF48710F24802AE819AB251C7756946CB90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000028.00000002.2551913698.0000000001450000.00000040.00000800.00020000.00000000.sdmp, Offset: 01450000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_40_2_1450000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 4f176281bdd30022115331419b311c8d125a3cb8ed3c64cc357fb673478e41b2
                                                                                                                                                                                                              • Instruction ID: 0ed912bed912349d0586c816a310743d076ba760de1e2e5c49137b8a01e55f30
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4f176281bdd30022115331419b311c8d125a3cb8ed3c64cc357fb673478e41b2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5121D3B1D00258DFDB54CFAAD484BDEBFF8AF48710F24802AE819AB251CB756845CB90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000028.00000002.2551913698.0000000001450000.00000040.00000800.00020000.00000000.sdmp, Offset: 01450000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_40_2_1450000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: e4ace61a89d4e8e3728d1705505d259b0a115fbf58c26e7b4fa464159d280743
                                                                                                                                                                                                              • Instruction ID: 86e29a83ba73b3e7a08a6e6ed8a8da042323abc07bd112ee4c07a7510b5e36ca
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e4ace61a89d4e8e3728d1705505d259b0a115fbf58c26e7b4fa464159d280743
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7CF08231A01209AFCB45CFB0D9508EDBBF6EB45214741C2ADD404CB121DA358F42CB50
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000028.00000002.2551913698.0000000001450000.00000040.00000800.00020000.00000000.sdmp, Offset: 01450000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_40_2_1450000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 9f582a85150941f86ad291a227c4606a56926a9322d5a6ad73ca64030b39b6ef
                                                                                                                                                                                                              • Instruction ID: aede4195c6c6085cc6283c11a253742c304c67f90374ddc86545f20c3897b2f0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9f582a85150941f86ad291a227c4606a56926a9322d5a6ad73ca64030b39b6ef
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 12F02730A013099FCB49CFB099408A97FF6DF82204306C1EDC008DB111DB348F42D740
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000028.00000002.2551913698.0000000001450000.00000040.00000800.00020000.00000000.sdmp, Offset: 01450000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_40_2_1450000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: fdd0b2aa024e1be7bc0061b72535b819a9bf11080bb9d286006e6dc4b3eaf07f
                                                                                                                                                                                                              • Instruction ID: ffd45ea4283e2d49ff53a29fc6560d0f5362c16ab92ac87081450dc2631e3e54
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fdd0b2aa024e1be7bc0061b72535b819a9bf11080bb9d286006e6dc4b3eaf07f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BAF0F830911209EFCB88EFB8FA4459CBFF2FB44204F5046ADC515E7314EB306A849B40
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000028.00000002.2551913698.0000000001450000.00000040.00000800.00020000.00000000.sdmp, Offset: 01450000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_40_2_1450000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 2fc73ee4bdc4fb7eb7a5df307cf0fe401a01a1abb124d39d7307f85a916a68ad
                                                                                                                                                                                                              • Instruction ID: 5a7161b42d31b25e2cf801ecca8dd336aac08108444e76d208ed47f7d45ee67a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2fc73ee4bdc4fb7eb7a5df307cf0fe401a01a1abb124d39d7307f85a916a68ad
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 23E09231B01109AB8B44DFB0D900D6EBBEAEB44204701C0A8D50887214EA31DA019790
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000028.00000002.2551913698.0000000001450000.00000040.00000800.00020000.00000000.sdmp, Offset: 01450000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_40_2_1450000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 4a824108529eb0dd04330bdc8a47e8d7a2b25d88832564c3998707b34056a1f5
                                                                                                                                                                                                              • Instruction ID: 8fe8c72f8105fd59eb5cad67a8a9a6bf89d017b12e6765301e98774ac2c4a1b9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4a824108529eb0dd04330bdc8a47e8d7a2b25d88832564c3998707b34056a1f5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CBE0CD313507018FC3865B6C9150098B7E2EEC0320741426ED60497229CF785D4587D1
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000028.00000002.2551913698.0000000001450000.00000040.00000800.00020000.00000000.sdmp, Offset: 01450000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_40_2_1450000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000002A.00000002.2555346457.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_42_2_7ffd9b400000_sbdrvmgr.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000002A.00000002.2555346457.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_42_2_7ffd9b400000_sbdrvmgr.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000002A.00000002.2555346457.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_42_2_7ffd9b400000_sbdrvmgr.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000002C.00000002.2560815675.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_44_2_2a50000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: $^q$$^q
                                                                                                                                                                                                              • API String ID: 0-355816377
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000002C.00000002.2560815675.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_44_2_2a50000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: $^q
                                                                                                                                                                                                              • API String ID: 0-388095546
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000002C.00000002.2560815675.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_44_2_2a50000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000002C.00000002.2560815675.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_44_2_2a50000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000002C.00000002.2560815675.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_44_2_2a50000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000002C.00000002.2560815675.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_44_2_2a50000_DefMic.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000002C.00000002.2560815675.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_44_2_2a50000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 496c688f91046c7ae64ab7604e82f9b5331a743058e1bcc7a33d2fc850568e83
                                                                                                                                                                                                              • Instruction ID: dc26d8c88da5fc31364ecbfc121c1d9bce97db93b1b859e0dbee9988ca12a111
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 496c688f91046c7ae64ab7604e82f9b5331a743058e1bcc7a33d2fc850568e83
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9C3104B1D00258DFDB24DFA9C584BEEBFF5AF48314F24812AE819AB240DB759845CF90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000002C.00000002.2560815675.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_44_2_2a50000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 30fd28c641f56ebf68d64030526346b0e3ccf1cc9724a06d55e393650f2465c8
                                                                                                                                                                                                              • Instruction ID: f6ee288c8ffa46f5c0978368ed3bfc40dd488dc289347b6df60de5401da084a1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 30fd28c641f56ebf68d64030526346b0e3ccf1cc9724a06d55e393650f2465c8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B221D1316043658FDF169B74C4507AF7BB2AF8A708F0445AADD499B358EF35980AC7C2
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000002C.00000002.2560815675.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_44_2_2a50000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: b8a42e77c1adf68b3bb14543fc3f7a5f8d964bd0db6b8665860bb1c149a8d78b
                                                                                                                                                                                                              • Instruction ID: 3c5780d5d873d6f2e7a32ba5935e595eaae89008d523b4f86eb2d68fa4d68719
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b8a42e77c1adf68b3bb14543fc3f7a5f8d964bd0db6b8665860bb1c149a8d78b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F431E4B1D00258DFDB14DFA9D484BDEBFB8BF49314F24802AE819AB240DB755985CF90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000002C.00000002.2560815675.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_44_2_2a50000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: b56dcc780dc0f0654fd762515fca292caffb921c0269c64a67b68c3b0424eef4
                                                                                                                                                                                                              • Instruction ID: 976fa64220b2495654ca7c06cbf76fc5313643151bf5e3c0e42972cf04d394c7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b56dcc780dc0f0654fd762515fca292caffb921c0269c64a67b68c3b0424eef4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D331D4B1D002589FDB24DFA9C584BEEBFF5AF48314F24802AE819AB250DB755945CF90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000002C.00000002.2560815675.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_44_2_2a50000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 714db61a116e52fd03e807a1a9be998fff3a7b83e1f8c0d60dc309facbe951ee
                                                                                                                                                                                                              • Instruction ID: ec1d6271c5fe13374d5fc7a2dca375004bd43e1e29e01db33583aee3097cf435
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 714db61a116e52fd03e807a1a9be998fff3a7b83e1f8c0d60dc309facbe951ee
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6521D2B1D00258EFDB14DFAAD484BDEBFB8BF48314F24802AE819AB240CB755845CB90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000002C.00000002.2560815675.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_44_2_2a50000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 34637ca2d1fc8cd40224b90b2b6b77b0411754e2d1622a2ff32a4c58503884a3
                                                                                                                                                                                                              • Instruction ID: 31249b23c911a72c55e50b6368f1fdf519da9b2972c74c217d8bfc49e1c99e1b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 34637ca2d1fc8cd40224b90b2b6b77b0411754e2d1622a2ff32a4c58503884a3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 60F0A734609249AFDB42DF788D5196ABBFADF82304705C4E9D408CB151EE349A45D791
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000002C.00000002.2560815675.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_44_2_2a50000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 148eb4077f47156abb62bbd94effe5b578a6fccf78167eae14a121880eee87c5
                                                                                                                                                                                                              • Instruction ID: 65ab78ed8b500ac9b4537f5a5c19d6dae9bfe2460f96b96fd57f51e83532ad46
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 148eb4077f47156abb62bbd94effe5b578a6fccf78167eae14a121880eee87c5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8AF0A035A05209BFCB02DFB0CA5096ABBF6EF4630074084E9D908DF252EA35CA49CBD0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000002C.00000002.2560815675.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_44_2_2a50000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 674152760fb7db1ebf4b9175647ed80846106f1ceee7a1ebf8ccb4263e4478be
                                                                                                                                                                                                              • Instruction ID: 40c092f0be1e2d074d4bfb0b383ea8d080ce857af861865f03f4765b650a1b9a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 674152760fb7db1ebf4b9175647ed80846106f1ceee7a1ebf8ccb4263e4478be
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C1F0F838D05208EFCF40FFB8E94559DBBB1EB48205FA049A9D905E7255EA70AB498B40
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000002C.00000002.2560815675.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_44_2_2a50000_DefMic.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000002C.00000002.2560815675.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_44_2_2a50000_DefMic.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000002C.00000002.2560815675.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_44_2_2a50000_DefMic.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000002E.00000002.2564196391.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_46_2_7ffd9b3e0000_sbdrvmgr.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000002E.00000002.2564196391.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_46_2_7ffd9b3e0000_sbdrvmgr.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000030.00000003.2595779171.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_48_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: 2D_I
                                                                                                                                                                                                              • API String ID: 0-1054241413
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000030.00000003.2595779171.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_48_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000030.00000003.2595779171.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_48_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000030.00000003.2595779171.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_48_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000030.00000003.2595779171.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_48_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: a7ff631d140b8e043550b75fb2c73ae7b4741ddd8dc045d0eaba6183c2394a65
                                                                                                                                                                                                              • Instruction ID: 5aaa9d6fbe42afc5d3aed4cc68bc73c17b32f4032d6523ee924737d475393808
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a7ff631d140b8e043550b75fb2c73ae7b4741ddd8dc045d0eaba6183c2394a65
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8A612422B0EA5A0FE7B952A894753B526D1EF85B28F1601FED449C71E3EC0CAD455381
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000030.00000003.2595779171.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_48_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 2ebd188617900d88addd109b2ef4eadb90a8c33852b510c07b3b6bd97b7f8ec8
                                                                                                                                                                                                              • Instruction ID: 0086bd1b30ba55ed291394ab282fae540be053be71c3f68b9c36fc37ec9f63c4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2ebd188617900d88addd109b2ef4eadb90a8c33852b510c07b3b6bd97b7f8ec8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E161A330B19A498FDB59EF68C865AA477E1FF59304B1001BED00ECB2A7DE39A946C741
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000030.00000003.2595779171.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_48_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: d0c75e7faccb775342afe709204d1bd9caed099f8492168c122052e2e4d11657
                                                                                                                                                                                                              • Instruction ID: eeb34b71105cec1d6c9ddeee2d0802d2c8b96a441e4ace3c8708c547bfcc1552
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d0c75e7faccb775342afe709204d1bd9caed099f8492168c122052e2e4d11657
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2051DF30B19A0C8FEB95EF6CD859AE977E1FF59314B1500BAE409C72A2DA35EC41CB40
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000030.00000003.2595779171.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_48_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 99d44175946f68de55bfa3b240cca54c2b3433061827e94ba4036880d89995b6
                                                                                                                                                                                                              • Instruction ID: eb3840cc9e19d39a8074ddadb051e041d732cb9e87ddc293614c1f9608b2a5a8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 99d44175946f68de55bfa3b240cca54c2b3433061827e94ba4036880d89995b6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA412911B0FB9E0FE7BA56B844752A43BD0EF46A54F0602FAD059CB1E7E90C59479341
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000030.00000003.2595779171.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_48_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: c0868629ebce3601edd6226df6a980c36f4085ec464035d4bb0de44edbd2b5ef
                                                                                                                                                                                                              • Instruction ID: d54a35942878632008403912c933b4b15dc61b419df71b398dd1caddfc05c5ca
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c0868629ebce3601edd6226df6a980c36f4085ec464035d4bb0de44edbd2b5ef
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AD412811E0FB8A1FFBAA967848756A43BA1DF46654B0601FBC048CB1E7ED4C5D468342
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000030.00000003.2595779171.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_48_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 92a0d3aaed17cc176f48ff47ace37e1611b8fb3bc323745b2619a9242556e431
                                                                                                                                                                                                              • Instruction ID: fbbe0e52070f2730414d4ea3795a568600949b39f13d696af102346d16c510ae
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 92a0d3aaed17cc176f48ff47ace37e1611b8fb3bc323745b2619a9242556e431
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5E41E33091E7C95FDB2A9BA958646F57FA0EF13329F0801BFD099C21A3CA582416C746
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000030.00000003.2595779171.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_48_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: a3eb66a52495195437346b2e6157a9f9ea593002305845c0f631a994a962840d
                                                                                                                                                                                                              • Instruction ID: ec0a64423e414baecb34b1273c545bee48ec5c4fe4cfbaf6849ac825691e998b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a3eb66a52495195437346b2e6157a9f9ea593002305845c0f631a994a962840d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9821F83060E78E8FD756DF78C8616A13BE1EF47704F1640B6D409CB2B2C9759941CB01
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000030.00000003.2595779171.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_48_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: f3806c8a42dee169c0dfadb9a06870ba6249b648c65239ed1effc851e4def48e
                                                                                                                                                                                                              • Instruction ID: 68b1133ea6a6f7e044d27875454af783d97870ed1c5fc6300c213e6072618c90
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f3806c8a42dee169c0dfadb9a06870ba6249b648c65239ed1effc851e4def48e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7DF01D11B5AC5E06F37621E816A62B961C1AB4AA2CFA60635D83DC62F2DC08AA522552
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000030.00000003.2595779171.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_48_3_7ffd9b490000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 6ef2cf62a0f86dcde3c50375a57f9e439c62b1f8ec193355a40a5cfd55076e09
                                                                                                                                                                                                              • Instruction ID: d35b8fed899efea97e0c18402f830fb2f4c0db24bffa54ba07f6f3fdcdf79ff3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6ef2cf62a0f86dcde3c50375a57f9e439c62b1f8ec193355a40a5cfd55076e09
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4BF0FF1851E6C94FDB72977C9870A627FE49F43628B0944EEE0D8C60E3D9881986C382
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000030.00000003.2595779171.00007FFD9B490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B490000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_48_3_7ffd9b490000_rundll32.jbxd
Memory Dump Source
• Source File: 00000031.00000002.2595030527.00000000024B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_49_2_24b0000_DefMic.jbxd

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000031.00000002.2595030527.00000000024B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_49_2_24b0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: c7ae3a05a4f698ccf9f060da598ce2a45d285041299a32d0e819205b6e1bcac8
                                                                                                                                                                                                              • Instruction ID: 7695b9487b86997cee8d9f71af3e03101e81e10c80fba6bd11912be153d45e3e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c7ae3a05a4f698ccf9f060da598ce2a45d285041299a32d0e819205b6e1bcac8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1B31D4B1D002589FDB14DFAAC494BDEBFF9AF49314F24802AE419AB250C7756985CFA0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000031.00000002.2595030527.00000000024B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_49_2_24b0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: fb066c4e81d5b4eb68bdd5820a9f4d188c2d1c938716926e26dc2eea5616d57b
                                                                                                                                                                                                              • Instruction ID: 89f8a8fc69e0c2cc88d8f3daad316faa6ddedd647822539cdf36c0794793154e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fb066c4e81d5b4eb68bdd5820a9f4d188c2d1c938716926e26dc2eea5616d57b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E30126317093405FC706CB7AE8206AEBBA2DFC2350B10C5BBD009CB761DA319C46CB10
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000031.00000002.2595030527.00000000024B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_49_2_24b0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 13ee6105e4cf21ea70bc9c37d259a893e1bd10ceb3b9dee9b54772b10071c866
                                                                                                                                                                                                              • Instruction ID: 12e8b78fc8eda8a7a15cc8a003af29b3170f01aea409917a71f9cbb645804830
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 13ee6105e4cf21ea70bc9c37d259a893e1bd10ceb3b9dee9b54772b10071c866
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 90F0893170010867CF15DAA5D8559EEB7ABEFC8311F00C03AD505A7250DA319915C7E1
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000031.00000002.2595030527.00000000024B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_49_2_24b0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 14e30878ceb94096b1cc4b6ce1434eeab2f33d4c0ae5d2d63ea37db59779e387
                                                                                                                                                                                                              • Instruction ID: b33a0b4b672ab63fa5245ef118dd21d6a2afaa6c9fb66300efbd9a7091f54576
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 14e30878ceb94096b1cc4b6ce1434eeab2f33d4c0ae5d2d63ea37db59779e387
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 43F0A731A492496FC701CBB09D55AAEBFE6DBC2204B05C4EED40DDB252E9318A069751
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000031.00000002.2595030527.00000000024B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_49_2_24b0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: b41eef69b025b1aa3f7de867668bdd8728e51374e3b78b6ab390fb23fa4f9c0e
                                                                                                                                                                                                              • Instruction ID: 8d53dc25528d0864793ec74edbcfd741f99f7c16d16066f0d0b6ccc2ae29f414
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b41eef69b025b1aa3f7de867668bdd8728e51374e3b78b6ab390fb23fa4f9c0e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9EF01730D55208EFCB01EFB8E955A8CBFB0EB44201F6086AED405A7365DA305A489B41
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000031.00000002.2595030527.00000000024B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_49_2_24b0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 495d0b37d881a685e4ac4f93af92adb29d49d653a58d7b12317d488305a0e864
                                                                                                                                                                                                              • Instruction ID: af2fbf611aaab74d713847230543498357e3a9892def02c6d4a5f2f07564e48e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 495d0b37d881a685e4ac4f93af92adb29d49d653a58d7b12317d488305a0e864
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8AF0F834D51208EFCB40EFB8E945A9CBBB1FB84301FA095BAD405A7328EA306B449B41
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000031.00000002.2595030527.00000000024B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_49_2_24b0000_DefMic.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 93ead50c9fe6d104226d6b6779934f3c8121557e61f44271008e4f511cd49f1a
                                                                                                                                                                                                              • Instruction ID: 1eb32b9f704f8efa8102ac33131a0a07b4a960417bcc891127b997b4c72f8f1b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 93ead50c9fe6d104226d6b6779934f3c8121557e61f44271008e4f511cd49f1a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6AD067357401198FCF01EFA8D5445DC77B0EF89615F000069E1099B260D7759855CB61
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%